General

  • Target

    a18b4330b99991158d7fc4d8c642d53d0aef1e15413bd16afee2be0a591f2b81

  • Size

    300KB

  • Sample

    221203-twk4fsah4v

  • MD5

    4f7aacf7e5868145e8a437b5d58d08b0

  • SHA1

    f4797649c2c064e3fa0a54f44810e3a57cf85d80

  • SHA256

    a18b4330b99991158d7fc4d8c642d53d0aef1e15413bd16afee2be0a591f2b81

  • SHA512

    62fc3807ee9f92ba8ba38d871ef2a5ef488163167ac2eda88f5afa34e02487058cf4702c92901a9826474ec8b940efb070bd94a9931e949d83ed7b5a4b9dbf9c

  • SSDEEP

    6144:nhLqlzJry8S/TTVK0RWx3+fIYENxE8AXJzEpuu/0Cd+3:nhLw8bsQA3SIDxCEpuqd+

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks