Overview

overview

10

Static

static

625bae212b...6c.exe

windows7-x64

10

625bae212b...6c.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    625bae212bda0eca7e799b884ae6970b27a66f3200caa79f89acb359edc7366c

  • Size

    486KB

  • Sample

    221030-cm27yagdh4

  • MD5

    850e53749b5da616d21bce97e92c2d90

  • SHA1

    763d2fe2d983289c403cc88554c23f2f19d58499

  • SHA256

    625bae212bda0eca7e799b884ae6970b27a66f3200caa79f89acb359edc7366c

  • SHA512

    fb8536726ad34d25a130ca5cafab8b8218e0fa857835a3d794bfaa4b1172d1f3cbdd95d7f511069443e2b1eaacef40ae678352ae0e9662cf97de7792a9077b9f

  • SSDEEP

    12288:mPPbulHLsM5XOTLzEoYsh69mY0oQHjtSv+Tslc:YPYsaGLI6o505UvU

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      625bae212bda0eca7e799b884ae6970b27a66f3200caa79f89acb359edc7366c

    • Size

      486KB

    • MD5

      850e53749b5da616d21bce97e92c2d90

    • SHA1

      763d2fe2d983289c403cc88554c23f2f19d58499

    • SHA256

      625bae212bda0eca7e799b884ae6970b27a66f3200caa79f89acb359edc7366c

    • SHA512

      fb8536726ad34d25a130ca5cafab8b8218e0fa857835a3d794bfaa4b1172d1f3cbdd95d7f511069443e2b1eaacef40ae678352ae0e9662cf97de7792a9077b9f

    • SSDEEP

      12288:mPPbulHLsM5XOTLzEoYsh69mY0oQHjtSv+Tslc:YPYsaGLI6o505UvU

    Score
    10/10
    evasionpersistencespywarestealertrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks