f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84 | Triage

Submit
Reports

Overview

overview

8

Static

static

f9c82b093a...84.exe

windows7-x64

8

f9c82b093a...84.exe

windows10-2004-x64

8

Sharing

General

Target

f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84
Size

5.7MB
Sample

221125-qkgp4sdh4v
MD5

5e7766282d74ebf8e5b95c422180b6a0
SHA1

68654a5c5219f27d8ba5a3f7b74ae74d1dc9acf0
SHA256

f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84
SHA512

fedbbfceb2a164283f7d3c4672317c79d6744ed099950f9a29ea8c4784f9dc410c728ff3ddab4fbefbfe3c525c1ae621d58ce044520149a20e8b857c27ce2442
SSDEEP

98304:jL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czN:f89J/ANzywiJlgQNUJ2BTDYiqcAViVwR

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84.exe

Resource

win7-20221111-en

discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84
- Size
  
  5.7MB
- MD5
  
  5e7766282d74ebf8e5b95c422180b6a0
- SHA1
  
  68654a5c5219f27d8ba5a3f7b74ae74d1dc9acf0
- SHA256
  
  f9c82b093a049a082cdf5a1a7042f0b7b5fefe56c0c1a2db53ae8d98683d6b84
- SHA512
  
  fedbbfceb2a164283f7d3c4672317c79d6744ed099950f9a29ea8c4784f9dc410c728ff3ddab4fbefbfe3c525c1ae621d58ce044520149a20e8b857c27ce2442
- SSDEEP
  
  98304:jL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czN:f89J/ANzywiJlgQNUJ2BTDYiqcAViVwR
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy