acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4 | Triage

Submit
Reports

Overview

overview

8

Static

static

acc96c03e3...c4.exe

windows7-x64

8

acc96c03e3...c4.exe

windows10-2004-x64

8

Sharing

General

Target

acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4
Size

5.7MB
Sample

221123-njrskscb2w
MD5

14f448fbcbe8c201c29a2f218397a9b7
SHA1

a9c1aedb0686c9d923473ee4421f9e8a6f375a09
SHA256

acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4
SHA512

2ae12a2456e20c5a6fd1ae647c3e43232b9c23030584261ca9bfae6539c652be1c581dd843227437750276501fee3674ced5cfe7a857317a9979a6f17ca7ffdb
SSDEEP

98304:aL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czO:G89J/ANzywiJlgQNUJ2BTDYiqcAViVwi

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4.exe

Resource

win7-20221111-en

discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4.exe

Resource

win10v2004-20220901-en

discovery persistence spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4
- Size
  
  5.7MB
- MD5
  
  14f448fbcbe8c201c29a2f218397a9b7
- SHA1
  
  a9c1aedb0686c9d923473ee4421f9e8a6f375a09
- SHA256
  
  acc96c03e3f12de1b48bdba33ca78e674c74bd78d7352537f77824da0f9670c4
- SHA512
  
  2ae12a2456e20c5a6fd1ae647c3e43232b9c23030584261ca9bfae6539c652be1c581dd843227437750276501fee3674ced5cfe7a857317a9979a6f17ca7ffdb
- SSDEEP
  
  98304:aL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czO:G89J/ANzywiJlgQNUJ2BTDYiqcAViVwi
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy