General

  • Target

    ThirstyLauncher.exe

  • Size

    162KB

  • Sample

    221127-ckqq5acb54

  • MD5

    dd7f2b45c9537ee59a5f03e5b01a5132

  • SHA1

    da5e55a244b5b0131593dc4a4943223d4e7c290f

  • SHA256

    00310dcf38e02d26825864a4e969ba7be64ffe87c840f9708265d5e51c00bd20

  • SHA512

    90985c14ddb2adc072943a663382ab95f3a8df7b26b7bd17d587a66eb8a3a7a3f5ef9892716b60445cd7f7a8e004cfe84f9e3f0257ea782938343ae8779b2341

  • SSDEEP

    3072:YenRWXDQKT/BeL0XMiFX/SFKE7iHdUX5F3OqbCpb:sDf/BCsMGP+KE7KSHRb

Score
10/10
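Before pivoting on the hashes above, confirm that the file you are holding is the one this report describes. The script below is an added example, not tooling from the sandbox that produced the page: it computes MD5, SHA-1, SHA-256 and SHA-512 of a file and compares them, in constant time, with the indicators copied from the General section. The ssdeep comparison runs only if the optional `ssdeep` Python binding is installed (an assumption); SHA-256 is the value to pivot on, the MD5 and SHA-1 are kept for matching older feeds.

```python
import hashlib
import hmac

# Indicators copied from the report's General section.
REPORT = {
    "md5": "dd7f2b45c9537ee59a5f03e5b01a5132",
    "sha1": "da5e55a244b5b0131593dc4a4943223d4e7c290f",
    "sha256": "00310dcf38e02d26825864a4e969ba7be64ffe87c840f9708265d5e51c00bd20",
    "sha512": ("90985c14ddb2adc072943a663382ab95f3a8df7b26b7bd17d587a66eb8a3a7a3"
               "f5ef9892716b60445cd7f7a8e004cfe84f9e3f0257ea782938343ae8779b2341"),
    "ssdeep": "3072:YenRWXDQKT/BeL0XMiFX/SFKE7iHdUX5F3OqbCpb:sDf/BCsMGP+KE7KSHRb",
}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

try:                      # optional fuzzy-hash binding (assumption: pip install ssdeep)
    import ssdeep
except ImportError:
    ssdeep = None


def digests(data: bytes) -> dict:
    """Cryptographic digests of the sample bytes, plus ssdeep when the binding is present."""
    out = {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}
    if ssdeep is not None:
        out["ssdeep"] = ssdeep.hash(data)
    return out


def compare(found: dict, expected: dict = REPORT) -> dict:
    """Per-algorithm verdict: True/False for exact digests, 0-100 similarity for ssdeep.

    An expected value of the wrong length (a mangled indicator) yields None instead
    of a silent mismatch; algorithms absent from 'found' are skipped."""
    verdict = {}
    for name, want in expected.items():
        if name not in found:
            continue
        if name == "ssdeep":
            verdict[name] = ssdeep.compare(found[name], want)
        elif len(want) != HEX_LEN[name]:
            verdict[name] = None
        else:
            verdict[name] = hmac.compare_digest(found[name].lower(), want.lower())
    return verdict


def verify_file(path: str, expected: dict = REPORT) -> dict:
    """Hash the file at 'path' and compare it with the report indicators."""
    with open(path, "rb") as fh:
        return compare(digests(fh.read()), expected)


if __name__ == "__main__":
    import sys
    for name, ok in verify_file(sys.argv[1]).items():
        print(f"{name:7s} {ok}")
```

Run it as `python verify.py ThirstyLauncher.exe`; every exact algorithm should print `True`. A partial ssdeep score with all exact digests `False` means a related but different build, which is worth recording separately rather than filing under this SHA-256.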

Malware Config

Targets

    • Target

      ThirstyLauncher.exe

    Score
    10/10
    • Modifies security service

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data such as saved logins, cookies and autofill entries, which can be decrypted and reused for account takeover.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2
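The signature names above are sandbox verdicts; to see what each one keys on, the script below is an added example (not the sandbox's own rule engine) that implements a small rule per signature and runs them over a constructed API trace. The event shapes, paths, service names, hosting domains and the trace itself are assumptions written for the illustration, not data from this report. Two details matter in practice: "Executes dropped EXE" is order-dependent (the write must precede the launch), and "Suspicious use of NtCreateUserProcessOtherParentProcess" is detected by comparing the process that issued the create call with the parent it claims.

```python
import re

# Services an infostealer typically disables or stops (assumed list).
SECURITY_SERVICES = ("WinDefend", "WdNisSvc", "Sense", "MsMpSvc", "wscsvc")
BROWSER_ARTIFACTS = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
WALLET_ARTIFACTS = re.compile(r"(wallet\.dat|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore|\\atomic\\)", re.I)
HOSTING_DOMAINS = ("discordapp.com", "discord.com", "pastebin.com", "github.com",
                   "githubusercontent.com", "dropbox.com", "transfer.sh")
BLOCKLISTED_IMAGES = ("powershell.exe", "regsvr32.exe", "rundll32.exe", "mshta.exe", "certutil.exe")
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
STOP_SERVICE = re.compile(r"^\s*(sc|net)(\.exe)?\s+stop\b|Stop-Service\b", re.I)

# Constructed trace, loosely modelled on a sandbox API log (assumption, not the
# report's data). 'pid' is the process performing the action.
EVENTS = [
    {"type": "registry_write", "pid": 100,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start", "value": 4},
    {"type": "process_create", "pid": 100, "child_pid": 101,
     "image": r"C:\Windows\System32\sc.exe", "cmdline": "sc stop WinDefend"},
    {"type": "network", "pid": 100, "host": "cdn.discordapp.com", "port": 443,
     "recv_head": b"MZ\x90\x00\x03\x00"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\Public\upd.exe"},
    {"type": "file_write", "pid": 100, "path": r"C:\Windows\System32\drivers\helper.sys"},
    {"type": "process_create", "pid": 100, "child_pid": 102,
     "image": r"C:\Users\Public\upd.exe", "cmdline": "upd.exe"},
    # parent_pid != pid: the caller set PROC_THREAD_ATTRIBUTE_PARENT_PROCESS,
    # the PPID-spoofing path that NtCreateUserProcess exposes.
    {"type": "process_create", "pid": 102, "child_pid": 103, "parent_pid": 600,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "process_create", "pid": 102, "child_pid": 104,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden"},
    {"type": "file_read", "pid": 102,
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 102,
     "path": r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "network", "pid": 104, "host": "203.0.113.10", "port": 8080},
]


def run_rules(events):
    """Return {signature_name: [evidence, ...]} for every signature that fired."""
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    dropped = set()   # lower-cased paths written so far (state for "Executes dropped EXE")
    images = {}       # child pid -> image, so network events can be attributed to a binary
    for ev in events:
        kind = ev["type"]
        if kind == "registry_write":
            key = ev["key"].lower()
            if any(f"\\services\\{s.lower()}\\" in key for s in SECURITY_SERVICES):
                hit("Modifies security service", f"{ev['key']} = {ev['value']}")
        elif kind == "process_create":
            images[ev["child_pid"]] = ev["image"]
            if STOP_SERVICE.search(ev.get("cmdline", "")):
                hit("Stops running service(s)", ev["cmdline"])
            if ev.get("parent_pid", ev["pid"]) != ev["pid"]:
                hit("Suspicious use of NtCreateUserProcessOtherParentProcess",
                    f"pid {ev['pid']} created {ev['image']} claiming parent {ev['parent_pid']}")
            if ev["image"].lower() in dropped:
                hit("Executes dropped EXE", ev["image"])
        elif kind == "file_write":
            dropped.add(ev["path"].lower())
            if ev["path"].lower().startswith(DRIVERS_DIR):
                hit("Drops file in Drivers directory", ev["path"])
        elif kind == "file_read":
            if BROWSER_ARTIFACTS.search(ev["path"]):
                hit("Reads user/profile data of web browsers", ev["path"])
            if WALLET_ARTIFACTS.search(ev["path"]):
                hit("Accesses cryptocurrency files/wallets, possible credential harvesting", ev["path"])
        elif kind == "network":
            host = ev["host"]
            if any(host == d or host.endswith("." + d) for d in HOSTING_DOMAINS):
                hit("Legitimate hosting services abused for malware hosting/C2", host)
            if ev.get("recv_head", b"")[:2] == b"MZ":
                hit("Downloads MZ/PE file", f"{host}:{ev['port']}")
            image = images.get(ev["pid"], "").lower().rsplit("\\", 1)[-1]
            if image in BLOCKLISTED_IMAGES:
                hit("Blocklisted process makes network request", f"{image} -> {host}:{ev['port']}")
    return hits


if __name__ == "__main__":
    for name, evidence in run_rules(EVENTS).items():
        print(f"{name}: {evidence}")
```

Run against the constructed trace, all ten signatures listed in this report fire once each. The hosting-domain rule is deliberately weak on its own (plenty of benign software talks to Discord or GitHub); it earns its place here only because the same connection returned a PE image, which is why a triage score combines signatures rather than counting them.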

MITRE ATT&CK Enterprise v6

Tasks