f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9 | Triage

Submit
Reports

Overview

overview

Static

static

f958e0e500...e9.exe

windows7-x64

f958e0e500...e9.exe

windows10-2004-x64

Sharing

General

Target

f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9
Size

1.3MB
Sample

221125-lqdhesgf57
MD5

4117f56ac629281c8e7e53271c1cc427
SHA1

5e0bb27eb2c759f927c9649949b20cb8ee3cb970
SHA256

f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9
SHA512

bdab445cab9f23603d77512910a7e5e02532fc24f18ba2f6826563a9a85e2043781e63a3b1b110a4f3845519844ef04a61bc59a9863a400cda89d3271e150600
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9.exe

Resource

win7-20220901-en

persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9.exe

Resource

win10v2004-20220901-en

persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9
- Size
  
  1.3MB
- MD5
  
  4117f56ac629281c8e7e53271c1cc427
- SHA1
  
  5e0bb27eb2c759f927c9649949b20cb8ee3cb970
- SHA256
  
  f958e0e50007bfb5dc366a7cb1c1815d0eb9f50a139ef0dd6fb7e22669d48fe9
- SHA512
  
  bdab445cab9f23603d77512910a7e5e02532fc24f18ba2f6826563a9a85e2043781e63a3b1b110a4f3845519844ef04a61bc59a9863a400cda89d3271e150600
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy