3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798 | Triage

Sharing

General

Target

file.exe
Size

145KB
Sample

221223-navswagd46
MD5

a92b642fe1a1d8f98152f0d95affc079
SHA1

cd45d2f073c6fc3c232605f8c1bc02759a2a2ed0
SHA256

3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798
SHA512

98c8cde91d8e9066bacd613889bcab348834d6984d556a6764f16575d54de259ee215a0d297f2bca3c5fa8d3ddcbb3cce233da51bf9ceb74fae76289f7f97bcd
SSDEEP

3072:Ff4lB9JN6cNv5r8B/AgDkIZObemgrAPPISVaMficxnn69qcTtQpO6hB:KXZr8BIUkYOb7AAZVy4n6YgQ5

Score

8^/10

spyware

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  145KB
- MD5
  
  a92b642fe1a1d8f98152f0d95affc079
- SHA1
  
  cd45d2f073c6fc3c232605f8c1bc02759a2a2ed0
- SHA256
  
  3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798
- SHA512
  
  98c8cde91d8e9066bacd613889bcab348834d6984d556a6764f16575d54de259ee215a0d297f2bca3c5fa8d3ddcbb3cce233da51bf9ceb74fae76289f7f97bcd
- SSDEEP
  
  3072:Ff4lB9JN6cNv5r8B/AgDkIZObemgrAPPISVaMficxnn69qcTtQpO6hB:KXZr8BIUkYOb7AAZVy4n6YgQ5
Score

8^/10

spyware
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2