b87ce1e4e1886bbe6299522d6c24fcffc8400db42e7f1b7dd14d33a101226e43 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cureit.exe
Size

265.6MB
Sample

230105-m58sjsbg29
MD5

3e534543e835ef2799e20918bbd2cd3c
SHA1

85e0e6ce72573c23a38abda31ffd70bebd3296c7
SHA256

b87ce1e4e1886bbe6299522d6c24fcffc8400db42e7f1b7dd14d33a101226e43
SHA512

269191ee1dbab7caaf7ba2f99fcdb20109b2418dc3230d54f082e01bdfd9322ab98811a9e0bda4039fa1045ba2610d8871d4419e298e66de68141a19dc38705c
SSDEEP

6291456:FQRQZyrx6zfs/YKwqu+9n/RtHPSnUksq0cppmzjJV7MO9NgWUqx4W0dV8:HZe6zf9Bq9ZtHQUksSppAsO3w9P8

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  cureit.exe
- Size
  
  265.6MB
- MD5
  
  3e534543e835ef2799e20918bbd2cd3c
- SHA1
  
  85e0e6ce72573c23a38abda31ffd70bebd3296c7
- SHA256
  
  b87ce1e4e1886bbe6299522d6c24fcffc8400db42e7f1b7dd14d33a101226e43
- SHA512
  
  269191ee1dbab7caaf7ba2f99fcdb20109b2418dc3230d54f082e01bdfd9322ab98811a9e0bda4039fa1045ba2610d8871d4419e298e66de68141a19dc38705c
- SSDEEP
  
  6291456:FQRQZyrx6zfs/YKwqu+9n/RtHPSnUksq0cppmzjJV7MO9NgWUqx4W0dV8:HZe6zf9Bq9ZtHQUksSppAsO3w9P8
Score

8^/10

persistence spyware stealer
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Security Software Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

behavioral3

persistencespywarestealer