194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818 | Triage

Submit
Reports

Overview

overview

Static

static

194ce01632...18.exe

windows7-x64

194ce01632...18.exe

windows10-2004-x64

Sharing

General

Target

194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818
Size

1.7MB
Sample

221125-ldawrsfh66
MD5

4a50ebb7357ed7ad2bdd2aa0b7adb247
SHA1

e95ead1ef996937878dafbc63ec1e2840dbc7b78
SHA256

194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818
SHA512

b0d3edfe5903bc5a02b2ca264c03e0100b82f69260ee6cc68588e8f88346ed38b1ac17b9505c11255dd44d89c45bc0b4ae90e6ba846c9fb48c278692101b098e
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818.exe

Resource

win7-20220812-en

persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818.exe

Resource

win10v2004-20220901-en

persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818
- Size
  
  1.7MB
- MD5
  
  4a50ebb7357ed7ad2bdd2aa0b7adb247
- SHA1
  
  e95ead1ef996937878dafbc63ec1e2840dbc7b78
- SHA256
  
  194ce016322f59f52ff8311a77b81847e8330667ddbb476862104e72e6fcb818
- SHA512
  
  b0d3edfe5903bc5a02b2ca264c03e0100b82f69260ee6cc68588e8f88346ed38b1ac17b9505c11255dd44d89c45bc0b4ae90e6ba846c9fb48c278692101b098e
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy