General

  • Target

    e1e79a114929928f2dae6a3a7c16a7a4a9f9196a9885105ae0f422ef2acdea02

  • Size

    356KB

  • Sample

    221203-y1b4kaff4z

  • MD5

    79a554823940bc8c9531f604feeb47e7

  • SHA1

    f1890f39483b3f44a0cecbb4bfd47832f0239409

  • SHA256

    e1e79a114929928f2dae6a3a7c16a7a4a9f9196a9885105ae0f422ef2acdea02

  • SHA512

    ab75616d1b9d93abeda388caece14bea73747923904582000aec049575e2fc3f376a48055b319470e92536ecec55ac3b249ddfab8556306e8e0ab259e51197f7

  • SSDEEP

    6144:dlVvgjhQMWekPQRacktlIgAm75bOvGXbPUMp3l8gUAqh+urdA:dl2OMWbQRCjbM6Bq7A

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks