ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b | Triage

Submit
Reports

Overview

overview

Static

static

1

ad99e70143...3b.exe

windows7-x64

ad99e70143...3b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b
Size

1.1MB
Sample

221125-xm9x1agd44
MD5

d67f3906ea7e88b095052b33fc66aa5f
SHA1

123ea216af52eea5d50b4e365117c67e16369e32
SHA256

ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b
SHA512

e0a6dfd4c5b5beb5de423f0303a36b90091d528d7e7d206641092a792b7e16938bdfb2a7278889d9448fffc92027216b721f904a98e21e4d2e89417e91073f48
SSDEEP

24576:5Ee6pBxk5UoWFLfEhjN0pF7Cgp/t4xM6sgofHtQ8pZiFgsjb5G3LlqJVXXCwh:U2tQT80pk6e1ofHtQMYgSILlWr

Score

10^/10

discovery evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b.exe

Resource

win7-20220812-en

discovery evasion spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b.exe

Resource

win10v2004-20220812-en

discovery evasion spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b
- Size
  
  1.1MB
- MD5
  
  d67f3906ea7e88b095052b33fc66aa5f
- SHA1
  
  123ea216af52eea5d50b4e365117c67e16369e32
- SHA256
  
  ad99e70143da56ed0db65a6db18051cda3eba119fbfe91aadfa6cb0aad273a3b
- SHA512
  
  e0a6dfd4c5b5beb5de423f0303a36b90091d528d7e7d206641092a792b7e16938bdfb2a7278889d9448fffc92027216b721f904a98e21e4d2e89417e91073f48
- SSDEEP
  
  24576:5Ee6pBxk5UoWFLfEhjN0pF7Cgp/t4xM6sgofHtQ8pZiFgsjb5G3LlqJVXXCwh:U2tQT80pk6e1ofHtQMYgSILlWr
Score

10^/10

discovery evasion spyware stealer
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealer

behavioral2

discoveryevasionspywarestealer

© 2018-2025

Terms | Privacy