d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c | Triage

Submit
Reports

Overview

overview

Static

static

d864c770b1...0c.exe

windows7-x64

d864c770b1...0c.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c
Size

159KB
Sample

221204-hhrhjaad7v
MD5

1b28fc597bf19d9c96be3ecd8424de63
SHA1

66bcfe8638912a0991911aab7cb2f95fe9245df7
SHA256

d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c
SHA512

a128c6b3243c9bce2aefd85b57650f4e7dcfee574860902daa1d1a7832d8e964d3d32c1446d68c737eaa9d6ba734e26592af174fae5c2917c47432928b077cf0
SSDEEP

3072:EZ4++394Pf3xI2fmFxaQOjCr33x0hB1ARNUYzdpQMJrly:EZ4++3y30FxLZHyhBKRiUVrl

Score

10^/10

collection discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c.exe

Resource

win7-20220901-en

collection discovery persistence spyware stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c.exe

Resource

win10v2004-20220901-en

collection discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c
- Size
  
  159KB
- MD5
  
  1b28fc597bf19d9c96be3ecd8424de63
- SHA1
  
  66bcfe8638912a0991911aab7cb2f95fe9245df7
- SHA256
  
  d864c770b13f2ec248d0304c70482a3da4b77045ac5fe6f18477f4f99bc7990c
- SHA512
  
  a128c6b3243c9bce2aefd85b57650f4e7dcfee574860902daa1d1a7832d8e964d3d32c1446d68c737eaa9d6ba734e26592af174fae5c2917c47432928b077cf0
- SSDEEP
  
  3072:EZ4++394Pf3xI2fmFxaQOjCr33x0hB1ARNUYzdpQMJrly:EZ4++3y30FxLZHyhBKRiUVrl
Score

10^/10

collection discovery persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoverypersistencespywarestealer

behavioral2

collectiondiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy