dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305 | Triage

Submit
Reports

Overview

overview

Static

static

dfc2f935f7...05.exe

windows7-x64

dfc2f935f7...05.exe

windows10-2004-x64

Sharing

General

Target

dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305
Size

58KB
Sample

221124-avgvvsfd39
MD5

25f4773820efe20baf6a06471701bbb0
SHA1

9ee7e516d27b8d1e9a3cd73285c9e548f8678b44
SHA256

dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305
SHA512

98b092a46dbf0ec1a98395d1130c1fa1aecf36234fb015a46d32182767a7101510d04c76fb0f44838dfb99e2fa5f809c20f305ffe441c6b1528594ea1f23946a
SSDEEP

768:6pUt1E/8mS+amkLFRccny45nHguULyEfq+NfAR3b3rI3k0pYD60a2nBdv2tEvP:6pO1Ek93yAgfGUt23brI3k0Q6F6dUGP

Score

10^/10

evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305.exe

Resource

win7-20220812-en

evasion persistence spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305.exe

Resource

win10v2004-20221111-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305
- Size
  
  58KB
- MD5
  
  25f4773820efe20baf6a06471701bbb0
- SHA1
  
  9ee7e516d27b8d1e9a3cd73285c9e548f8678b44
- SHA256
  
  dfc2f935f757c708c388d7fe0bf14c97af5e9e53b13b3944225e803232647305
- SHA512
  
  98b092a46dbf0ec1a98395d1130c1fa1aecf36234fb015a46d32182767a7101510d04c76fb0f44838dfb99e2fa5f809c20f305ffe441c6b1528594ea1f23946a
- SSDEEP
  
  768:6pUt1E/8mS+amkLFRccny45nHguULyEfq+NfAR3b3rI3k0pYD60a2nBdv2tEvP:6pO1Ek93yAgfGUt23brI3k0Q6F6dUGP
Score

10^/10

evasion persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy