General

  • Target

    file.exe

  • Size

    793KB

  • Sample

    221124-vctf6agb37

  • MD5

    8f8a9fa78aa61839e20a968ff65eb0db

  • SHA1

    c132428636b92b7829cd70ecd004fb1d77f9646d

  • SHA256

    4646eb037b498918f7e4558680557879cbf91f28d9668083ee2f25180c4ae834

  • SHA512

    4642db8d8f5b5b299dcd3db3b6741e65804602bf6ef9982a660e14c43dc666103586d2855b549c4e6c39706750a6579a7b6628812872f5a09ad80960d6e0fb8d

  • SSDEEP

    24576:hLAt3ieGOGoNOcfLtAz2QFPlePWBoyhIj:te/VNLFIAPxCY

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
