db07696dcf7bdc794b281deac29c36a3354ddaf25351369fef345554acb90c20 | Triage

Analysis

max time kernel
28s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 13:34

Sharing

Report Analysis Logs

General

Target

db07696dcf7bdc794b281deac29c36a3354ddaf25351369fef345554acb90c20.exe
Size

513KB
MD5

0731e6c78147b7eaa5c2d18fac36e53a
SHA1

25c08bab63b77e8f1df30a810666cce47442f8f9
SHA256

db07696dcf7bdc794b281deac29c36a3354ddaf25351369fef345554acb90c20
SHA512

e1694839bbd06447954c313409a3f68a585e99c8376473c72d1c1751e9c41bae4103b8785723d2aa2c0df09b36afd3e1ae81c41872b714064219373e261f0d56
SSDEEP

6144:1/T3zd9AVAixibDqwbKhqjX9kjeKHYFqoECLrLnZF7tGUP+BgkTbXD/3/jBe0:1/XM4DShe9EcHPLrLZ5AICgkTP3/80

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\db07696dcf7bdc794b281deac29c36a3354ddaf25351369fef345554acb90c20.exe
"C:\Users\Admin\AppData\Local\Temp\db07696dcf7bdc794b281deac29c36a3354ddaf25351369fef345554acb90c20.exe"
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-54-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download
memory/1988-55-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download