General

  • Target

    e636f837a3a32beed0a71b3fe2b86acdc058df5f7791ac1bf5ee6e00a2de0508

  • Size

    1.2MB

  • Sample

    221125-s9tr3shc87

  • MD5

    08802c270fdbcfb412a6183a2686664f

  • SHA1

    674949c9f9bfc90dd17af77c9b534d8b05759c6f

  • SHA256

    e636f837a3a32beed0a71b3fe2b86acdc058df5f7791ac1bf5ee6e00a2de0508

  • SHA512

    9d84452c3226d44f75076c5a1bd44259dabf8e881d06e5e61085e413bf2e60ed4683c059e822df7bf4cb8a24e935dc740513c98b9bab4a5354cca7134baab76c

  • SSDEEP

    24576:RI52II85Pvt3I4xGOqd52pIQShnCrbb4vWH0HgUdr7:60k55I4EdThbWHElr

Targets

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
