fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

fcc09a5be4...34.exe

windows7-x64

9

fcc09a5be4...34.exe

windows10-2004-x64

9

Sharing

General

Target

fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34
Size

468KB
Sample

221124-dewkvsfh9s
MD5

d6d8d85a9e8d51ebccc5c2dbce142103
SHA1

2c59c931260a5802a038c777186dddce11397fe2
SHA256

fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34
SHA512

99aee273d75170ac28df316049a332536639bbd2676aafddfcb7f67763c02e88bd75d2bbd967f8b966997db98f38e370c4af0c215152875968c3fe347799866f
SSDEEP

12288:VuC+3L0bELfWKFS/8Mm9+YCY2aTOqidxjut:V9WKAfYI4YCY2aPin

Score

9^/10

evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34.exe

Resource

win7-20221111-en

evasion spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34.exe

Resource

win10v2004-20221111-en

evasion spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34
- Size
  
  468KB
- MD5
  
  d6d8d85a9e8d51ebccc5c2dbce142103
- SHA1
  
  2c59c931260a5802a038c777186dddce11397fe2
- SHA256
  
  fcc09a5be47bc5bfa35f32270bc00353dd5c6ce327760b61b8b9af7952be1f34
- SHA512
  
  99aee273d75170ac28df316049a332536639bbd2676aafddfcb7f67763c02e88bd75d2bbd967f8b966997db98f38e370c4af0c215152875968c3fe347799866f
- SSDEEP
  
  12288:VuC+3L0bELfWKFS/8Mm9+YCY2aTOqidxjut:V9WKAfYI4YCY2aPin
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer

© 2018-2024

Terms | Privacy