d68af7d58d8514cebc01250af1c0fcdeb6142df3320ff34e48280d56d6af37f8 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

LoaderFixer.exe

windows10-2004-x64

8

Sharing

General

Target

LoaderFixer.exe
Size

17.7MB
Sample

230205-f667sagd39
MD5

a518234ee9320307559770be505c5da3
SHA1

c58f1d5c9718bc340fb3f2a270a9200db29ac339
SHA256

d68af7d58d8514cebc01250af1c0fcdeb6142df3320ff34e48280d56d6af37f8
SHA512

c89dc340920688af1eb2227bec7a0d7b6d935536b1276cbfb615bcdff1cef5f0089261c9d73b33108494f65cf351ac8e82439466db94a311f8247dde2f4f2659
SSDEEP

393216:Lu7L/dWBb+4hQenSyY+k4tOJCEDd/m3pCZkVRiEFT7bfIGy:LCL0N+4XY4tuCEDdKCZkVRiS7kT

Score

8^/10

microsoft persistence phishing pyinstaller spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

LoaderFixer.exe

Resource

win10v2004-20221111-en

microsoft persistence phishing spyware stealer

windows10-2004-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  LoaderFixer.exe
- Size
  
  17.7MB
- MD5
  
  a518234ee9320307559770be505c5da3
- SHA1
  
  c58f1d5c9718bc340fb3f2a270a9200db29ac339
- SHA256
  
  d68af7d58d8514cebc01250af1c0fcdeb6142df3320ff34e48280d56d6af37f8
- SHA512
  
  c89dc340920688af1eb2227bec7a0d7b6d935536b1276cbfb615bcdff1cef5f0089261c9d73b33108494f65cf351ac8e82439466db94a311f8247dde2f4f2659
- SSDEEP
  
  393216:Lu7L/dWBb+4hQenSyY+k4tOJCEDd/m3pCZkVRiEFT7bfIGy:LCL0N+4XY4tuCEDdKCZkVRiS7kT
Score

8^/10

microsoft persistence phishing spyware stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

microsoftpersistencephishingspywarestealer

© 2018-2024

Terms | Privacy