808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da | Triage

Submit
Reports

Overview

overview

Static

static

808bcbf367...da.exe

windows7-x64

8

808bcbf367...da.exe

windows10-2004-x64

Sharing

General

Target

808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da
Size

2.1MB
Sample

221125-krtqcsaa6t
MD5

b322484e73005048a50faa38667754b7
SHA1

b177d083b24fda398aa1f496ee69bafa7525a3a3
SHA256

808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da
SHA512

a7c46b90ce90103a88677f4613afaa30c7e38b4bdbc067b38f747a1b5c550a23b7678bda977282f07aa7be3f55f76f61c0a42de0081ad4694e8cd6a06e711b24
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da.exe

Resource

win7-20221111-en

persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da.exe

Resource

win10v2004-20220812-en

persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da
- Size
  
  2.1MB
- MD5
  
  b322484e73005048a50faa38667754b7
- SHA1
  
  b177d083b24fda398aa1f496ee69bafa7525a3a3
- SHA256
  
  808bcbf367c67385e00e9d54cdfed9d99b449b25bcbe50a2015044065370d6da
- SHA512
  
  a7c46b90ce90103a88677f4613afaa30c7e38b4bdbc067b38f747a1b5c550a23b7678bda977282f07aa7be3f55f76f61c0a42de0081ad4694e8cd6a06e711b24
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy