889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3 | Triage

Submit
Reports

Overview

overview

9

Static

static

889df62fdb...a3.exe

windows7-x64

9

889df62fdb...a3.exe

windows10-2004-x64

9

Sharing

General

Target

889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3
Size

524KB
Sample

221128-e31p6aag2y
MD5

ffda27e2cf57bce13efe2fa896daff23
SHA1

e1be9026b8cc47b923504610f05e8f949c3e3256
SHA256

889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3
SHA512

1814c635a6f32dd9a110a919fc35ff8643867257193e92f7282ea155ec67d1e11e74e25d7efaac1495fffb3b082cadb6ddaaf02a745cd7f312b0793cf07a3967
SSDEEP

12288:RdA1BIdj/Ftx6/QV/Zxc0kim/XPZLTrXkx2:RdsIdj9bXLAiyFfXkx

Score

9^/10

collection persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3.exe

Resource

win7-20221111-en

collection persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3.exe

Resource

win10v2004-20221111-en

collection persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3
- Size
  
  524KB
- MD5
  
  ffda27e2cf57bce13efe2fa896daff23
- SHA1
  
  e1be9026b8cc47b923504610f05e8f949c3e3256
- SHA256
  
  889df62fdbf1ef14b3d5d35a4784fb7684be859f39794e6cd204d0790bdbd0a3
- SHA512
  
  1814c635a6f32dd9a110a919fc35ff8643867257193e92f7282ea155ec67d1e11e74e25d7efaac1495fffb3b082cadb6ddaaf02a745cd7f312b0793cf07a3967
- SSDEEP
  
  12288:RdA1BIdj/Ftx6/QV/Zxc0kim/XPZLTrXkx2:RdsIdj9bXLAiyFfXkx
Score

9^/10

collection persistence spyware stealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionpersistencespywarestealer

behavioral2

collectionpersistencespywarestealer

© 2018-2024

Terms | Privacy