Overview

overview

10

Static

static

e282d7499e...31.exe

windows7-x64

10

e282d7499e...31.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031

  • Size

    76KB

  • Sample

    221124-whxansae97

  • MD5

    c5ca1f7f8bbe72dfcbfe371589e13ea7

  • SHA1

    bda4a59da1bdce3d205a4bfb5fcf6c462d0a0792

  • SHA256

    e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031

  • SHA512

    c1a64e19c12c03fdc8b716a78f256552036ff20ed56a5df3eff96f85e9e28f73282cca08f529cd48ea4bf65de17a8f6d861cf9e5b5f45961089f9490bcec1bbc

  • SSDEEP

    1536:9W8QnR+yvHeZT71FeKtqT0Rqz/mp1tKIUjt:wRmT5FXqgIyp1tKLjt

Score
10/10
persistencespywarestealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    overcomer123

Targets

    • Target

      e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031

    • Size

      76KB

    • MD5

      c5ca1f7f8bbe72dfcbfe371589e13ea7

    • SHA1

      bda4a59da1bdce3d205a4bfb5fcf6c462d0a0792

    • SHA256

      e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031

    • SHA512

      c1a64e19c12c03fdc8b716a78f256552036ff20ed56a5df3eff96f85e9e28f73282cca08f529cd48ea4bf65de17a8f6d861cf9e5b5f45961089f9490bcec1bbc

    • SSDEEP

      1536:9W8QnR+yvHeZT71FeKtqT0Rqz/mp1tKIUjt:wRmT5FXqgIyp1tKLjt

    Score
    10/10
    persistencespywarestealer

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks