c2e98978063f02f9769d8372d10abc3fe734cd7e686c6ab5dedb08dd57076b17 | Triage

Submit
Reports

Overview

overview

9

Static

static

3817bad277...33.exe

windows7-x64

9

3817bad277...33.exe

windows10-2004-x64

9

Resubmissions

01-02-2023 05:13

230201-fwfl3sca33 9

Sharing

General

Target

3817bad277aa50016e08eed35e92d4a3b5247633
Size

876KB
Sample

230201-fwfl3sca33
MD5

6b1f65c5297138a312c83c277c258bcb
SHA1

3817bad277aa50016e08eed35e92d4a3b5247633
SHA256

c2e98978063f02f9769d8372d10abc3fe734cd7e686c6ab5dedb08dd57076b17
SHA512

213008ba436056bbeac9434f72d318c0af1a4fd4f7c082da3c32b0c1d801f3ae31208be3b2cd6e6cdaefa7728575757e7987230fb1d79895f214d4fa7b491bb1
SSDEEP

24576:GKm0WEPfv82Kww5Y3awdtWs8RPrK7LBmH0I:hmtUv4bY3hh8lrB

Score

9^/10

collection

Static task

static1

Behavioral task

behavioral1

Sample

3817bad277aa50016e08eed35e92d4a3b5247633.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3817bad277aa50016e08eed35e92d4a3b5247633.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  3817bad277aa50016e08eed35e92d4a3b5247633
- Size
  
  876KB
- MD5
  
  6b1f65c5297138a312c83c277c258bcb
- SHA1
  
  3817bad277aa50016e08eed35e92d4a3b5247633
- SHA256
  
  c2e98978063f02f9769d8372d10abc3fe734cd7e686c6ab5dedb08dd57076b17
- SHA512
  
  213008ba436056bbeac9434f72d318c0af1a4fd4f7c082da3c32b0c1d801f3ae31208be3b2cd6e6cdaefa7728575757e7987230fb1d79895f214d4fa7b491bb1
- SSDEEP
  
  24576:GKm0WEPfv82Kww5Y3awdtWs8RPrK7LBmH0I:hmtUv4bY3hh8lrB
Score

9^/10

collection
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy