General

  • Target

    e03131e486b1edd36a85c781c41d00f6.bin

  • Size

    1.8MB

  • Sample

    230123-l3ew1scg82

  • MD5

    96f37928108e28e1caea007b8256274c

  • SHA1

    f2c9ad9a16c00a29cf8fa8197936ce340043a14e

  • SHA256

    20647778b10e9bef7d8f1ff922399801ea5b2873c017584e52eaac79aead4513

  • SHA512

    24053eb5def0ab887f1d0fd01a6709f3fd1671f0010c593d9009e667160ecc02cf86dc8e0fd3153951d97d28160f93938e612eccaf5aed3d4f8ac02a1dbc835c

  • SSDEEP

    49152:WN6CaintSA8dWF4KM6DgOxiDfwnZjeLzjjVuxX:W3tSA2WKAxWfwZyfUR

Malware Config

Targets

    • Target

      4554d37ac18022aa4f7a3ad15f0175108a7d15645c1ee625df92d8042df96203.exe

    • Size

      3.5MB

    • MD5

      e03131e486b1edd36a85c781c41d00f6

    • SHA1

      26a492a6805b1d451d8cadd0f42f99a412d1c9f3

    • SHA256

      4554d37ac18022aa4f7a3ad15f0175108a7d15645c1ee625df92d8042df96203

    • SHA512

      2f0eea52bbf7d18b6b2ebf34c32deeb927dcd358f058297390fdc9adda6b6043408ca11de81e4f4a0d3f175d772748f6c008a1c531d5ec2939501fd1cf44817d

    • SSDEEP

      98304:p3VEzCZpI57xHdgWCw1rBbOV/R2TU8TRbsLsiBP/UPuB7P7CbM5zD6sILTjblMSN:I6V/paRbsFs8i4osI3jhMSN

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Install Root Certificate (T1130): 1

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2

Tasks