Overview

overview

10

Static

static

7f23ade422...7e.exe

windows7-x64

10

7f23ade422...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7f23ade422445291a5fb6e0e795e2666ac2d47080df58af318f1a8b5d4f6487e

  • Size

    477KB

  • Sample

    221030-cme3eagde9

  • MD5

    a26dc09d0c047834eb9766f330c0d640

  • SHA1

    f16d042fe8bb7b1e6ce4cb309c133ebafaa9bada

  • SHA256

    7f23ade422445291a5fb6e0e795e2666ac2d47080df58af318f1a8b5d4f6487e

  • SHA512

    4df5529ef968b55e2007e93b675d7c38f6e9f076fec1b728f66e5fc1975a917a5120885b4796ac07c64abd4ee71b6a86bb5075f0cb88851f622a60804a85f777

  • SSDEEP

    12288:uC0cCHeMTcvtDyvQ17CTTxWi+dCLERtlAl0oMm:uC0cCBAyQmEViPv

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      7f23ade422445291a5fb6e0e795e2666ac2d47080df58af318f1a8b5d4f6487e

    • Size

      477KB

    • MD5

      a26dc09d0c047834eb9766f330c0d640

    • SHA1

      f16d042fe8bb7b1e6ce4cb309c133ebafaa9bada

    • SHA256

      7f23ade422445291a5fb6e0e795e2666ac2d47080df58af318f1a8b5d4f6487e

    • SHA512

      4df5529ef968b55e2007e93b675d7c38f6e9f076fec1b728f66e5fc1975a917a5120885b4796ac07c64abd4ee71b6a86bb5075f0cb88851f622a60804a85f777

    • SSDEEP

      12288:uC0cCHeMTcvtDyvQ17CTTxWi+dCLERtlAl0oMm:uC0cCBAyQmEViPv

    Score
    10/10
    evasionpersistencetrojanspywarestealer

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks