cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094 | Triage

Submit
Reports

Overview

overview

8

Static

static

cd132aaa80...94.exe

windows7-x64

8

cd132aaa80...94.exe

windows10-2004-x64

8

Sharing

General

Target

cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094
Size

272KB
Sample

221124-ashdlsad7t
MD5

555f54e8f462a161e327996503e31735
SHA1

486dd61f4d9adc110b32806ebadc73bcfbf262e5
SHA256

cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094
SHA512

3caa845e16dda17a5a3b1587f4e1f489078aa371371c3f7b0554d1b857d2b7586f1ced38c4d9c570a155043d12be2d97e798c846d151b0ad4706f1dd1635c12e
SSDEEP

6144:0j94Szj94Szj94Szj94Szj94Szj94Szj94Szj94Szj9q:0jiSzjiSzjiSzjiSzjiSzjiSzjiSzjiL

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094.exe

Resource

win7-20220901-en

spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094.exe

Resource

win10v2004-20220901-en

spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094
- Size
  
  272KB
- MD5
  
  555f54e8f462a161e327996503e31735
- SHA1
  
  486dd61f4d9adc110b32806ebadc73bcfbf262e5
- SHA256
  
  cd132aaa8038961ebd255fbc6f982944e98f889a00d1c5966c8dffca0e2f4094
- SHA512
  
  3caa845e16dda17a5a3b1587f4e1f489078aa371371c3f7b0554d1b857d2b7586f1ced38c4d9c570a155043d12be2d97e798c846d151b0ad4706f1dd1635c12e
- SSDEEP
  
  6144:0j94Szj94Szj94Szj94Szj94Szj94Szj94Szj94Szj9q:0jiSzjiSzjiSzjiSzjiSzjiSzjiSzjiL
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy