efb4786e8b964e62b97f4b60fd4d6ad2d14a4a112d76d920a19bc93bd4610f45 | Triage

Submit
Reports

Overview

overview

8

Static

static

Yandex (1).exe

windows7-x64

8

Yandex (1).exe

windows10-1703-x64

8

Yandex (1).exe

windows10-2004-x64

8

Resubmissions

11-11-2022 20:39

221111-zfffxsec2w 8

11-11-2022 19:29

221111-x7grysde7z 8

Sharing

General

Target

Yandex (1).exe
Size

2.2MB
Sample

221111-x7grysde7z
MD5

841b79c3bd9ef08da8616faa4df033f0
SHA1

eb1eb7a7b862360c64477ba1a0eb2b490c5530e3
SHA256

efb4786e8b964e62b97f4b60fd4d6ad2d14a4a112d76d920a19bc93bd4610f45
SHA512

14fc348bcd379bfffeb004f25988ccbcf35413039bd82c301575017a62fd44c516e20c43db818c8fb5170e9abfa1186179864983157241a268fa4f0a78c4c848
SSDEEP

49152:bILXlcHvCEPMae+z2b9lJ/gXDs+R+r5u8Qeg:sBcPHMae+Sb9lJ/YeKf

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Yandex (1).exe

Resource

win7-20220812-en

discovery persistence spyware stealer

windows7-x64

20 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Yandex (1).exe

Resource

win10-20220901-en

discovery persistence spyware stealer

windows10-1703-x64

22 signatures

1800 seconds

Behavioral task

behavioral3

Sample

Yandex (1).exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer

windows10-2004-x64

22 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Yandex (1).exe
- Size
  
  2.2MB
- MD5
  
  841b79c3bd9ef08da8616faa4df033f0
- SHA1
  
  eb1eb7a7b862360c64477ba1a0eb2b490c5530e3
- SHA256
  
  efb4786e8b964e62b97f4b60fd4d6ad2d14a4a112d76d920a19bc93bd4610f45
- SHA512
  
  14fc348bcd379bfffeb004f25988ccbcf35413039bd82c301575017a62fd44c516e20c43db818c8fb5170e9abfa1186179864983157241a268fa4f0a78c4c848
- SSDEEP
  
  49152:bILXlcHvCEPMae+z2b9lJ/gXDs+R+r5u8Qeg:sBcPHMae+Sb9lJ/YeKf
Score

8^/10

discovery persistence spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer

behavioral3

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy