07ca0130f9ea32dd819144d32477c1ebd5128bd851e35138a94dedc5ffebfb13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07ca0130f9ea32dd819144d32477c1ebd5128bd851e35138a94dedc5ffebfb13
Size

171KB
Sample

221206-y1mkasab85
MD5

08e573dc3861bf0d6d5b4ad2e05dd99b
SHA1

4df9e5e3787ad84c78e7b780fd328b8db990db54
SHA256

07ca0130f9ea32dd819144d32477c1ebd5128bd851e35138a94dedc5ffebfb13
SHA512

52019219afbff132443ad27bed403f81ad4c7e22533d5dbf373164b4c25c1b0493730551a669949590fdda9416b13d35b9f424c45846e38e02bf38dfa4213c7e
SSDEEP

3072:8GLB4CQmGFO6mPB0zjTj7ejwnNgqwRGzSHjWVudYChZMybA9f:QnZwRiudScwf

Score

10^/10

spyware stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://www.time4unow.com/wp-content/config_20.ps1

Targets

- Target
  
  07ca0130f9ea32dd819144d32477c1ebd5128bd851e35138a94dedc5ffebfb13
- Size
  
  171KB
- MD5
  
  08e573dc3861bf0d6d5b4ad2e05dd99b
- SHA1
  
  4df9e5e3787ad84c78e7b780fd328b8db990db54
- SHA256
  
  07ca0130f9ea32dd819144d32477c1ebd5128bd851e35138a94dedc5ffebfb13
- SHA512
  
  52019219afbff132443ad27bed403f81ad4c7e22533d5dbf373164b4c25c1b0493730551a669949590fdda9416b13d35b9f424c45846e38e02bf38dfa4213c7e
- SSDEEP
  
  3072:8GLB4CQmGFO6mPB0zjTj7ejwnNgqwRGzSHjWVudYChZMybA9f:QnZwRiudScwf
Score

10^/10

spyware stealer
- Blocklisted process makes network request
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1