232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d | Triage

Submit
Reports

Overview

overview

8

Static

static

232b4e58be...3d.exe

windows7-x64

8

232b4e58be...3d.exe

windows10-2004-x64

8

Sharing

General

Target

232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d
Size

1.7MB
Sample

221125-s1ypnsbh2v
MD5

cfc93e127ae1ad3c96ede8c1ae851adc
SHA1

5533de5de014062a1b6aecad05f07d73435ebb3b
SHA256

232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d
SHA512

8ac3b6e400bb172533713e14afc93fc242d3305104464600b2ffa101f05998f26db606ae6740d92518e8ee9de599f613deee7ee4da94c6070b49d3131f96f85c
SSDEEP

49152:th1cpLXWaZ0VGPJqv9jxdyQngUbV7+Cdk:d0UVGPJmdxdzngUl+Cdk

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d.exe

Resource

win7-20220901-en

discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d.exe

Resource

win10v2004-20220901-en

discovery persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d
- Size
  
  1.7MB
- MD5
  
  cfc93e127ae1ad3c96ede8c1ae851adc
- SHA1
  
  5533de5de014062a1b6aecad05f07d73435ebb3b
- SHA256
  
  232b4e58becd79be3ce78ff0e244e6b193fb0f2feb80880274e04291d029813d
- SHA512
  
  8ac3b6e400bb172533713e14afc93fc242d3305104464600b2ffa101f05998f26db606ae6740d92518e8ee9de599f613deee7ee4da94c6070b49d3131f96f85c
- SSDEEP
  
  49152:th1cpLXWaZ0VGPJqv9jxdyQngUbV7+Cdk:d0UVGPJmdxdzngUl+Cdk
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy