General

  • Target

    d3f5f3ba65694d9d52899ab3349785bbc8fdce956a7562e4bfd77c433895ebf4

  • Size

    127KB

  • Sample

    221123-p9eflsgd6x

  • MD5

    8e28a4528b960309d3b3e9f0288d0063

  • SHA1

    74dff21f26f361a2e5a1e36fdbda38fc4595ccb4

  • SHA256

    d3f5f3ba65694d9d52899ab3349785bbc8fdce956a7562e4bfd77c433895ebf4

  • SHA512

    f792e69f4af2b3f662053c3f5f91f2c45c892d1ba8e2badb30d79c1492707af8dcb84b7c7ac2af4b984b3ca007b135ddcba51d390059d895e138738dc9b22799

  • SSDEEP

    3072:TM3Dmgi9+OtJU5DL7omZdFlYKsX9X8skc+TZI+hPE:TcqpJkhswTlYKsX9X8VRhs

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    hhaahhaa
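The extracted config above turns into a concrete hunt: outbound mail submission (port 587) to smtp.gmail.com from a process that is not a mail client. The script below is an added example, not part of the sandbox report; the Sysmon-style log lines are constructed, and the MAIL_CLIENTS allowlist and the log format are assumptions.

```python
"""Hunt for SMTP exfiltration matching the extracted config.

Added example for this report, not sandbox output. The Sysmon-like log
format, the sample lines and the mail-client allowlist are assumptions.
"""
import re
from dataclasses import dataclass

# Taken from the "Malware Config" section of the report.
EXFIL_HOST = "smtp.gmail.com"
EXFIL_PORT = 587

# Mail submission ports; any non-mail process using them deserves a look.
MAIL_PORTS = {25, 465, 587}

# Hypothetical allowlist of processes expected to speak SMTP on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 (network connection) style lines; not real telemetry.
SAMPLE_LOG = """\
Image: C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE | DestinationHostname: smtp.gmail.com | DestinationPort: 587
Image: C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe | DestinationHostname: smtp.gmail.com | DestinationPort: 587
Image: C:\\Windows\\System32\\svchost.exe | DestinationHostname: update.microsoft.com | DestinationPort: 443
Image: C:\\Users\\victim\\Downloads\\invoice.exe | DestinationHostname: mail.example.net | DestinationPort: 465
"""

LINE_RE = re.compile(
    r"Image: (?P<image>.+?) \| DestinationHostname: (?P<host>\S+) \| DestinationPort: (?P<port>\d+)"
)


@dataclass(frozen=True)
class Alert:
    image: str
    host: str
    port: int
    reason: str


def parse_line(line):
    """Return (image, host, port) for a connection line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("image"), m.group("host").lower(), int(m.group("port"))


def find_smtp_exfil(log_text):
    """Flag SMTP connections from non-mail processes; exact config matches get their own reason."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        image, host, port = parsed
        exe = image.rsplit("\\", 1)[-1].lower()
        if port not in MAIL_PORTS or exe in MAIL_CLIENTS:
            continue
        if host == EXFIL_HOST and port == EXFIL_PORT:
            reason = "matches extracted exfil config"
        else:
            reason = "SMTP from non-mail process"
        alerts.append(Alert(image, host, port, reason))
    return alerts


if __name__ == "__main__":
    for a in find_smtp_exfil(SAMPLE_LOG):
        print(f"{a.reason}: {a.image} -> {a.host}:{a.port}")
```

The allowlist is keyed on the image name only, which a sample can spoof by naming itself outlook.exe; in production, key it on the signed image path instead. Port 587 is the STARTTLS submission port, so the message body is encrypted on the wire and the process-to-destination pairing is the usable signal, not the payload.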

Targets

    • Target

      d3f5f3ba65694d9d52899ab3349785bbc8fdce956a7562e4bfd77c433895ebf4

    • Reads user/profile data of web browsers

      The sample accesses browser profile directories. Infostealers target this data because it holds saved logins, cookies, autofill entries and browsing history.

    • Adds Run key to start application

      A value written under a Run key (HKCU or HKLM ...\Microsoft\Windows\CurrentVersion\Run) relaunches the sample at every logon.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes: an autorun.inf written to a removable drive names a program to launch when the drive is mounted or opened.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Outside debuggers it is most often seen in process hollowing and thread-hijacking injection, where a suspended thread is pointed at attacker-supplied code.
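What the "Drops autorun.inf" signature is reacting to is a small INI file; when one turns up on a drive during response, the questions are what it launches and how it disguises the drive. The following triage script is an added example, not part of the sandbox report: the autorun.inf content is constructed (it is not the file this sample drops), and the flags are the author's heuristics.

```python
"""Triage an autorun.inf found on a removable volume.

Added example for this report, not sandbox output. The autorun.inf below is
constructed to look like the kind of file this signature fires on; the
heuristics (flags) are the author's, not the sandbox's.
"""
import configparser

# Keys that cause a program to run when the volume is inserted or opened.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample (not the file dropped by this sample).
SAMPLE_AUTORUN = """\
[autorun]
open=recycler\\svchost32.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=USB Drive
action=Open folder to view files
shell\\open\\command=recycler\\svchost32.exe
shell\\explore\\command=recycler\\svchost32.exe
"""


def parse_autorun(text):
    """Return the [autorun] section as a lowercase-key dict, or {} if absent."""
    # interpolation=None: values such as %SystemRoot% must not be treated as
    # configparser interpolation; strict=False: tolerate duplicated keys.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("autorun"):
        return {}
    return dict(cp.items("autorun"))


def is_launch_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all launch a program."""
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))


def triage_autorun(text):
    """Extract launch targets and raise the flags a responder would want to see."""
    entries = parse_autorun(text)
    launches = [(k, v) for k, v in entries.items() if is_launch_key(k)]
    flags = []
    if launches:
        flags.append("launches a program on insert/open")
    if any("recycler" in v.lower() or "$recycle.bin" in v.lower() for _, v in launches):
        flags.append("launch target hidden in a recycler-style directory")
    if "shell32.dll" in entries.get("icon", "").lower():
        flags.append("icon borrowed from shell32.dll (drive dressed up as a folder/drive)")
    if "action" in entries:
        flags.append("custom AutoPlay action text: " + entries["action"])
    return {"launch_targets": launches, "flags": flags}


if __name__ == "__main__":
    result = triage_autorun(SAMPLE_AUTORUN)
    for key, target in result["launch_targets"]:
        print(f"{key} -> {target}")
    for flag in result["flags"]:
        print("flag:", flag)
```

The shell\<verb>\command entries matter even where AutoRun itself is disabled, because they rewrite what double-clicking or right-clicking the drive in Explorer does. Windows 7 and later (and KB971029 on earlier versions) no longer honour autorun.inf on USB media, so on a current host the file is mainly a pointer to the payload path and evidence of the spreading attempt rather than a working infection vector.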

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                              ID      Hits
  Initial Access      Replication Through Removable Media    T1091   1
  Persistence         Registry Run Keys / Startup Folder     T1060   1
  Defense Evasion     Modify Registry                        T1112   1
  Credential Access   Credentials in Files                   T1081   1
  Discovery           System Information Discovery           T1082   1
  Lateral Movement    Replication Through Removable Media    T1091   1
  Collection          Data from Local System                 T1005   1

The IDs follow ATT&CK v6. In the current matrix T1060 has been replaced by T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1081 by T1552.001 (Unsecured Credentials: Credentials In Files); the other IDs are unchanged.

Tasks