95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120 | Triage

Submit
Reports

Overview

overview

Static

static

95fc29a4fb...20.exe

windows7-x64

95fc29a4fb...20.exe

windows10-2004-x64

Sharing

General

Target

95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120
Size

386KB
Sample

221125-kjrwssea92
MD5

90a111afb406a5ead8277be2a2a4ca60
SHA1

a6c96ecb5ee175aa33656807939748d6c5202c1b
SHA256

95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120
SHA512

cb8cfe10957906fd5600fd5a805cb50a59ae1dbaec7d17d41a2ad622d3a23956e5d01c76e4391fc633c9f50dd055460c9f018ea9bc565073a5f97bb8c7987326
SSDEEP

3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5

Score

10^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120.exe

Resource

win7-20220812-en

persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120.exe

Resource

win10v2004-20220812-en

persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120
- Size
  
  386KB
- MD5
  
  90a111afb406a5ead8277be2a2a4ca60
- SHA1
  
  a6c96ecb5ee175aa33656807939748d6c5202c1b
- SHA256
  
  95fc29a4fb401d3afb329b7f805449a482433dbe96a920f1cd85e254df151120
- SHA512
  
  cb8cfe10957906fd5600fd5a805cb50a59ae1dbaec7d17d41a2ad622d3a23956e5d01c76e4391fc633c9f50dd055460c9f018ea9bc565073a5f97bb8c7987326
- SSDEEP
  
  3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy