962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228 | Triage

Submit
Reports

Overview

overview

8

Static

static

962559eb0d...28.exe

windows7-x64

8

962559eb0d...28.exe

windows10-2004-x64

8

Sharing

General

Target

962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228
Size

5.7MB
Sample

221123-njv51aha62
MD5

d429edfec1e261e7836f93bcd26451e2
SHA1

34dabe2ecc704a5cba8dd12023d0995237c84c70
SHA256

962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228
SHA512

8cc804b2d0a4e56ec9eb6b278c2c3711aaabf20c7fd90c9e8f4175ada1aa64d0ca7c5e19e3e7e7b58da496ced90852400c1306f670aa23575f7a04538b304351
SSDEEP

98304:mL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czm:689J/ANzywiJlgQNUJ2BTDYiqcAViVwK

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228.exe

Resource

win7-20220901-en

discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228
- Size
  
  5.7MB
- MD5
  
  d429edfec1e261e7836f93bcd26451e2
- SHA1
  
  34dabe2ecc704a5cba8dd12023d0995237c84c70
- SHA256
  
  962559eb0de38752b374c33ef6b22e62bda5c7198cb9d1920337f1340be7e228
- SHA512
  
  8cc804b2d0a4e56ec9eb6b278c2c3711aaabf20c7fd90c9e8f4175ada1aa64d0ca7c5e19e3e7e7b58da496ced90852400c1306f670aa23575f7a04538b304351
- SSDEEP
  
  98304:mL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czm:689J/ANzywiJlgQNUJ2BTDYiqcAViVwK
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy