Resubmissions
14-06-2023 13:00
230614-p85w6shd9v 706-04-2023 23:11
230406-2586msfe98 708-12-2022 18:54
221208-xkg47sdh71 706-02-2022 20:38
220206-zez4yabhcl 10Analysis
-
max time kernel
166s -
max time network
284s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
08-12-2022 18:54
Static task
static1
Behavioral task
behavioral1
Sample
ColdStealer.exe
Resource
win7-20221111-en
General
-
Target
ColdStealer.exe
-
Size
258KB
-
MD5
c41a85123af144790520f502fe190110
-
SHA1
cc85d3c7c4c4d452fc12dc5a2e9ef3ffd9c0f42b
-
SHA256
eeaf3f80e04400fa8e097fef2c84d5e32ff8c5e0cd0f46549c8651cf145ba780
-
SHA512
d64e292940b62ae04426c3681fd1df092f215acafeaf61de1df38b4d64d3e703e8d516713359c98a141c153e9248c3b7d698d6aa61ad5d0a8b990095213c80a1
-
SSDEEP
6144:6HHRVPA+o6RLFjhDExHl0XBUnU7T/icXnNnqaV7W+czLmF:6HHRVNRLF1An+TZXNqaV7/yLI
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 ColdStealer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier ColdStealer.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 764 ColdStealer.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 764 ColdStealer.exe