General

  • Target

    cc231df7de4fc3f165eb4fa0b164750306a436ed

  • Size

    551KB

  • Sample

    230111-h6avpafa6v

  • MD5

    196b4c60853e8edb24430341e58e01ad

  • SHA1

    cc231df7de4fc3f165eb4fa0b164750306a436ed

  • SHA256

    783dbf002227109a372c999fb01e0a6a542ff273dcb8a10e9080ba8d7466a6e8

  • SHA512

    cef00627249e098c73a56639631462c8e079069553e26cb3b910f93c0509e4ed5514acb5fa3f8741625dc4bac053f5ad282b8924e6428b0e2b4cfd328fa19c42

  • SSDEEP

    12288:kYjCG72h8Hq19i4OK3Kfjrzzux2H4UzRE0qCWFpIa9mtbjqzIRCdcl:kYjdW8Hqri4kfjrexDCREGWqdRCCl

Score
8/10

Malware Config

Targets

    • Target

      cc231df7de4fc3f165eb4fa0b164750306a436ed

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks