27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a | Triage

Submit
Reports

Overview

overview

8

Static

static

27f47faa08...0a.exe

windows7-x64

8

27f47faa08...0a.exe

windows10-2004-x64

8

Sharing

General

Target

27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a
Size

884KB
Sample

221123-r4ce6sdc61
MD5

9129275edf49cff83327c10120a17d7d
SHA1

341d26a56440f86ab4151b7e8f64abab6abb9e0f
SHA256

27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a
SHA512

a07edbde06a0389b68b96fda94244ed6e911efaca98f8e7f1425e0a5538d2124a361dfd4e2d245edd837759665e7c2e1420b97aba1c9858a12c40e16fb518f18
SSDEEP

24576:bQUQNSnYKZvrfEkOS5bLvotxWFuHmGNvu12qT:cUQNoYozLvvotxguXm

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a.exe

Resource

win7-20220812-en

spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a.exe

Resource

win10v2004-20220812-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a
- Size
  
  884KB
- MD5
  
  9129275edf49cff83327c10120a17d7d
- SHA1
  
  341d26a56440f86ab4151b7e8f64abab6abb9e0f
- SHA256
  
  27f47faa080d2b9f4c7672b4da78c6410a25b7af5571d3e748f83a01f2144d0a
- SHA512
  
  a07edbde06a0389b68b96fda94244ed6e911efaca98f8e7f1425e0a5538d2124a361dfd4e2d245edd837759665e7c2e1420b97aba1c9858a12c40e16fb518f18
- SSDEEP
  
  24576:bQUQNSnYKZvrfEkOS5bLvotxWFuHmGNvu12qT:cUQNoYozLvvotxguXm
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy