General

  • Target

    a036c5add52453dec8792b912b645dee230c8002059d65ecc6b0b16dccab3d44

  • Size

    7.5MB

  • Sample

    221206-nqrfdsgg3x

  • MD5

    642799dc8b9bb37f7698e1091395361f

  • SHA1

    f2739353a153f8e7a5f857f527529ae6bca5a20c

  • SHA256

    a036c5add52453dec8792b912b645dee230c8002059d65ecc6b0b16dccab3d44

  • SHA512

    4b39f7caebca70526d53a57fbf80765fdbb57e9f9f6084b6d6fcfbcd1639522dd2084424f491c31e6c0023ef2427403679f23143fa3938562a1b1ab0d8ebc872

  • SSDEEP

    196608:SsEcYtKe4gFPwwBkArzNsucRv3TG2mHVF+P+bj+6Q9fTtoABFF3Doz2AfEl/P3r9:ycYtKetFPwwBkArzNsucRv3TG2mHVF+F

Malware Config

Targets

    • Target

      a036c5add52453dec8792b912b645dee230c8002059d65ecc6b0b16dccab3d44

    • Size

      7.5MB

    • MD5

      642799dc8b9bb37f7698e1091395361f

    • SHA1

      f2739353a153f8e7a5f857f527529ae6bca5a20c

    • SHA256

      a036c5add52453dec8792b912b645dee230c8002059d65ecc6b0b16dccab3d44

    • SHA512

      4b39f7caebca70526d53a57fbf80765fdbb57e9f9f6084b6d6fcfbcd1639522dd2084424f491c31e6c0023ef2427403679f23143fa3938562a1b1ab0d8ebc872

    • SSDEEP

      196608:SsEcYtKe4gFPwwBkArzNsucRv3TG2mHVF+P+bj+6Q9fTtoABFF3Doz2AfEl/P3r9:ycYtKetFPwwBkArzNsucRv3TG2mHVF+F

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to decide whether to run in the victim's region.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
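
The behaviours flagged above are the kind of rules a sandbox derives from a process/registry/file trace. The block below is an added example, not the sandbox's or the report's own detection code: it re-implements the six listed signatures as checks over a constructed, sandbox-style event list. Event field names, the `Control Panel\International\Geo\Nation` registry value taken as the "country code", and the list of messenger data directories are assumptions made for the example.

```python
"""Toy re-implementation of the six behavioural signatures listed in the report.

Added example, not the sandbox's own logic. Event shapes, the registry paths and
the messenger data-store patterns are assumptions modelled on a generic trace.
"""
import re
from typing import Iterable, Set

# Autostart locations (case-insensitive): HKCU/HKLM ...\CurrentVersion\Run(Once).
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
# Assumed source of the "country code" the geofence note refers to (GeoID).
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo$", re.I)
# Constructed list of on-disk messenger stores infostealers commonly read.
MESSENGER_DATA_RES = [
    re.compile(r"\\telegram desktop\\tdata\\", re.I),
    re.compile(r"\\discord\\local storage\\leveldb\\", re.I),
    re.compile(r"\\signal\\", re.I),
]
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit of CreateProcess


def match_signatures(events: Iterable[dict]) -> Set[str]:
    """Return the set of signature names triggered by an ordered event trace."""
    hits: Set[str] = set()
    dropped: Set[str] = set()        # files the sample wrote itself
    suspended: Set[int] = set()      # children spawned with CREATE_SUSPENDED

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".exe"):
                hits.add("Executes dropped EXE")
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(ev["child_pid"])
        elif kind == "image_load":
            path = ev["path"].lower()
            if path in dropped and path.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif kind == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            hits.add("Adds Run key to start application")
        elif kind == "reg_query":
            if GEO_KEY_RE.search(ev["key"]) and ev.get("value", "").lower() == "nation":
                hits.add("Checks computer location settings")
        elif kind == "file_read":
            if any(r.search(ev["path"]) for r in MESSENGER_DATA_RES):
                hits.add("Reads local data of messenger clients")
        elif kind == "api_call" and ev["api"] == "SetThreadContext":
            # Rewriting a thread context inside a child that was created
            # suspended is the classic process-hollowing / injection pattern.
            if ev["target_pid"] != ev["pid"] and ev["target_pid"] in suspended:
                hits.add("Suspicious use of SetThreadContext")
    return hits


# Constructed trace that exercises every signature on the page.
SAMPLE_TRACE = [
    {"type": "reg_query", "pid": 100, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 100, "child_pid": 200,
     "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe", "flags": CREATE_SUSPENDED},
    {"type": "api_call", "pid": 100, "api": "SetThreadContext", "target_pid": 200},
    {"type": "image_load", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "file_read", "pid": 200, "path": r"C:\Users\user\AppData\Roaming\Telegram Desktop\tdata\key_datas"},
    {"type": "reg_set", "pid": 200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
]

# Constructed benign-looking trace: nothing here should fire.
BENIGN_TRACE = [
    {"type": "reg_query", "pid": 300, "key": r"HKCU\Control Panel\International", "value": "LocaleName"},
    {"type": "process_create", "pid": 300, "child_pid": 301, "image": r"C:\Windows\System32\cmd.exe", "flags": 0},
    {"type": "api_call", "pid": 300, "api": "SetThreadContext", "target_pid": 300},  # own process
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_TRACE)):
        print("[+]", name)
```

The trace order matters: a Run key write or a `SetThreadContext` call is only attributed to dropped or suspended artefacts recorded earlier, which is why a real sandbox correlates events by pid rather than matching each line in isolation.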

MITRE ATT&CK Enterprise v6

Tasks