62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8 | Triage

Submit
Reports

Overview

overview

Static

static

62d78ad3b7...d8.exe

windows7-x64

62d78ad3b7...d8.exe

windows10-2004-x64

Sharing

General

Target

62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8
Size

1.1MB
Sample

221125-kkdqkaeb35
MD5

589e542e797c5853842d692221855347
SHA1

180fb3a204a3b6b54e349de423be054affb2aecf
SHA256

62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8
SHA512

34a62809c8ae47cd988f80565492346c87a30ce13781dbc9c6a12ce93e17925ea12458bc6b384c0da905a249f0c3275bb9188b5df9cb8fa912aad666d7c4429c
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8.exe

Resource

win7-20220812-en

persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8.exe

Resource

win10v2004-20220812-en

persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8
- Size
  
  1.1MB
- MD5
  
  589e542e797c5853842d692221855347
- SHA1
  
  180fb3a204a3b6b54e349de423be054affb2aecf
- SHA256
  
  62d78ad3b7bf9441610d114bfc28ba98e3b837ce31418f47938609ac842b25d8
- SHA512
  
  34a62809c8ae47cd988f80565492346c87a30ce13781dbc9c6a12ce93e17925ea12458bc6b384c0da905a249f0c3275bb9188b5df9cb8fa912aad666d7c4429c
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy