Overview

overview

10

Static

static

15557b420c...26.exe

windows7-x64

10

15557b420c...26.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15557b420c910a33c943fafe78d8c84cf83871a89292a18ba63fb77d441d1c26

  • Size

    725KB

  • Sample

    221020-n6jqgscfbq

  • MD5

    a04a6840cbd6a6d34b6aff005fc52f40

  • SHA1

    3568e41632ccd228f5d4a648ead8670a05b93c55

  • SHA256

    15557b420c910a33c943fafe78d8c84cf83871a89292a18ba63fb77d441d1c26

  • SHA512

    0817b55892e46e2da62d26145a48b3a3eb0d2db32a17cfa57c3d32d303e663b284f947dab9ebd77b7c269e4c6896698049740875e56bbfcc5642b3cc10a33c98

  • SSDEEP

    12288:gdRzcwWBZVJxaUVulvZVD9lA0kwfuj/7ZigqVvtL6DEWy3kZ45/PnWneoLVaxmwS:URfubJxaLjVZlAViE1igqVvtL6DEWy3y

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      15557b420c910a33c943fafe78d8c84cf83871a89292a18ba63fb77d441d1c26

    • Size

      725KB

    • MD5

      a04a6840cbd6a6d34b6aff005fc52f40

    • SHA1

      3568e41632ccd228f5d4a648ead8670a05b93c55

    • SHA256

      15557b420c910a33c943fafe78d8c84cf83871a89292a18ba63fb77d441d1c26

    • SHA512

      0817b55892e46e2da62d26145a48b3a3eb0d2db32a17cfa57c3d32d303e663b284f947dab9ebd77b7c269e4c6896698049740875e56bbfcc5642b3cc10a33c98

    • SSDEEP

      12288:gdRzcwWBZVJxaUVulvZVD9lA0kwfuj/7ZigqVvtL6DEWy3kZ45/PnWneoLVaxmwS:URfubJxaLjVZlAViE1igqVvtL6DEWy3y

    Score
    10/10
    evasionpersistencespywarestealertrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks