Overview

overview

10

Static

static

84d45396fb...9a.exe

windows7-x64

10

84d45396fb...9a.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    84d45396fbffe5777785740763f5ca8a5afe37f1e662c81c042a9c03050bb59a

  • Size

    442KB

  • Sample

    221028-yg5lrsddan

  • MD5

    0988372291a3f344016cd7d518af62e0

  • SHA1

    79aed9e559d5b9af8a6c9f9c4a8f2df12de23740

  • SHA256

    84d45396fbffe5777785740763f5ca8a5afe37f1e662c81c042a9c03050bb59a

  • SHA512

    948b1ceb1307336d08ed000de59eedef56cb96185dd43034a21091746a71af7b52c59c12c9b84b32bc25a598bbdf590ffb750e4587cdffc650cf7583d1c9237b

  • SSDEEP

    12288:H6O1Rx+IDM95PRoa5IcrBIZNzAZDsl+5mAuT/QTS4wN:HV1Rx+II/PRtmgBIZYmlxb

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      84d45396fbffe5777785740763f5ca8a5afe37f1e662c81c042a9c03050bb59a

    • Size

      442KB

    • MD5

      0988372291a3f344016cd7d518af62e0

    • SHA1

      79aed9e559d5b9af8a6c9f9c4a8f2df12de23740

    • SHA256

      84d45396fbffe5777785740763f5ca8a5afe37f1e662c81c042a9c03050bb59a

    • SHA512

      948b1ceb1307336d08ed000de59eedef56cb96185dd43034a21091746a71af7b52c59c12c9b84b32bc25a598bbdf590ffb750e4587cdffc650cf7583d1c9237b

    • SSDEEP

      12288:H6O1Rx+IDM95PRoa5IcrBIZNzAZDsl+5mAuT/QTS4wN:HV1Rx+II/PRtmgBIZYmlxb

    Score
    10/10
    evasionpersistencetrojanspywarestealer

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks