ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba | Triage

Submit
Reports

Overview

overview

Static

static

ceedc34b50...ba.exe

windows7-x64

ceedc34b50...ba.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba
Size

344KB
Sample

221205-we8vasfa8x
MD5

75efba72a0bdd61858b868fc7239817e
SHA1

33ae93bf3ee68c8333b493ddeff7a4d4f7135b1f
SHA256

ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba
SHA512

0171653f1a35819964af82b13273d2fde0f979e51556e6ddbfb2eeacecc6f4207463f007d846565b687bf21adfdd70142dac887270ed2cabf71aef44f082c68a
SSDEEP

3072:58p2+KI3XjPWtoCrSsR7ebFZaGFIK8qkFMIG1wYwEuXjpmDc/HOWte3C/ak:U2CHqXr5OFj2dG1BgN8c/HOZyik

Score

10^/10

evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba.exe

Resource

win10v2004-20220812-en

evasion persistence spyware stealer

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba
- Size
  
  344KB
- MD5
  
  75efba72a0bdd61858b868fc7239817e
- SHA1
  
  33ae93bf3ee68c8333b493ddeff7a4d4f7135b1f
- SHA256
  
  ceedc34b50f0888b8c64e055629a380f5d7cd28d6724841c8e16262c6c3cc4ba
- SHA512
  
  0171653f1a35819964af82b13273d2fde0f979e51556e6ddbfb2eeacecc6f4207463f007d846565b687bf21adfdd70142dac887270ed2cabf71aef44f082c68a
- SSDEEP
  
  3072:58p2+KI3XjPWtoCrSsR7ebFZaGFIK8qkFMIG1wYwEuXjpmDc/HOWte3C/ak:U2CHqXr5OFj2dG1BgN8c/HOZyik
Score

10^/10

evasion persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistencespywarestealer

© 2018-2025

Terms | Privacy