c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5 | Triage

Submit
Reports

Overview

overview

Static

static

c438548d79...d5.exe

windows7-x64

c438548d79...d5.exe

windows10-2004-x64

Sharing

General

Target

c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
Size

672KB
Sample

221125-lhxlbsgc33
MD5

fa2c4c22089e8d276090e32e6343b32b
SHA1

aaeb98404f858b52f615243cc1f9f63df0510566
SHA256

c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
SHA512

7f617e01deedf66ccda9a8f424f41b39b8f62ae5ce016fce85768ba9536c87f35211b6622d8d87a619fbebbbedf2a73790795ba831473da65fe9ec163629bc4b
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5.exe

Resource

win7-20220812-en

persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5.exe

Resource

win10v2004-20220812-en

persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
- Size
  
  672KB
- MD5
  
  fa2c4c22089e8d276090e32e6343b32b
- SHA1
  
  aaeb98404f858b52f615243cc1f9f63df0510566
- SHA256
  
  c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
- SHA512
  
  7f617e01deedf66ccda9a8f424f41b39b8f62ae5ce016fce85768ba9536c87f35211b6622d8d87a619fbebbbedf2a73790795ba831473da65fe9ec163629bc4b
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy