7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120 | Triage

Submit
Reports

Overview

overview

9

Static

static

7289d5d237...20.exe

windows7-x64

9

7289d5d237...20.exe

windows10-2004-x64

9

Sharing

General

Target

7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120
Size

1.0MB
Sample

221123-hnm3ashf6z
MD5

3ec1da8b166653a4ef22c500f04a0a84
SHA1

99f2b82571b5437d83d237aa6e00ca2ada75d35b
SHA256

7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120
SHA512

58ea47713d502b454a6e83e7e9584d347989ceda6c550fbd4b4fd35b292845a881a398672389b167417be4cc4ac3e59127be5b81cc1b6dbb744e1e161540e4f9
SSDEEP

24576:72O/GlAXMZlYbSVqvPpCXtwUED4RVPVI8Qyqd7FXXP:zKQSwUEDAILyYlXP

Score

9^/10

collection evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120.exe

Resource

win7-20221111-en

collection evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120.exe

Resource

win10v2004-20220812-en

collection evasion persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120
- Size
  
  1.0MB
- MD5
  
  3ec1da8b166653a4ef22c500f04a0a84
- SHA1
  
  99f2b82571b5437d83d237aa6e00ca2ada75d35b
- SHA256
  
  7289d5d2371ee586b0c399e61513e9a9257337e9069f7ec8295c64613e806120
- SHA512
  
  58ea47713d502b454a6e83e7e9584d347989ceda6c550fbd4b4fd35b292845a881a398672389b167417be4cc4ac3e59127be5b81cc1b6dbb744e1e161540e4f9
- SSDEEP
  
  24576:72O/GlAXMZlYbSVqvPpCXtwUED4RVPVI8Qyqd7FXXP:zKQSwUEDAILyYlXP
Score

9^/10

collection evasion persistence trojan
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionevasionpersistencetrojan

behavioral2

collectionevasionpersistencetrojan

© 2018-2024

Terms | Privacy