9360554f2e28415c1060e32aed40757998e0b16db0905f4ae5e1d21676b00ec5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc69c7d6e3e3c93b31ef9c7937a3fb52.exe
Size

1.5MB
Sample

230106-s38bwsha85
MD5

cc69c7d6e3e3c93b31ef9c7937a3fb52
SHA1

f0e9419c99fe3432662a311975fdd57da54baf4f
SHA256

9360554f2e28415c1060e32aed40757998e0b16db0905f4ae5e1d21676b00ec5
SHA512

3ddb066195d05138d82ce33fdc273cd5fe6e411b2d8e18bc3a0e07f2076af4f9b33848bec63915dfa56aa58fe659609e623820e1463a3b450c065a9f20dc5a20
SSDEEP

24576:HnsJ39LyjbJkQFMhmC+6GD9zq1I+Rz6OuN6nLSgg/p97/2sX8Ec5l:HnsHyjtk2MYC5GDNq1IsuN8fKpJsr

Score

10^/10

collection persistence spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.ioit.ac.vn
Port:
587
Username:
[email protected]
Password:
Newton@23

Targets

- Target
  
  cc69c7d6e3e3c93b31ef9c7937a3fb52.exe
- Size
  
  1.5MB
- MD5
  
  cc69c7d6e3e3c93b31ef9c7937a3fb52
- SHA1
  
  f0e9419c99fe3432662a311975fdd57da54baf4f
- SHA256
  
  9360554f2e28415c1060e32aed40757998e0b16db0905f4ae5e1d21676b00ec5
- SHA512
  
  3ddb066195d05138d82ce33fdc273cd5fe6e411b2d8e18bc3a0e07f2076af4f9b33848bec63915dfa56aa58fe659609e623820e1463a3b450c065a9f20dc5a20
- SSDEEP
  
  24576:HnsJ39LyjbJkQFMhmC+6GD9zq1I+Rz6OuN6nLSgg/p97/2sX8Ec5l:HnsHyjtk2MYC5GDNq1IsuN8fKpJsr
Score

10^/10

collection persistence spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

collectionpersistencespywarestealer

behavioral2

collectionpersistencespywarestealer