ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3 | Triage

Submit
Reports

Overview

overview

Static

static

5

ccbcacb9d7...e3.xls

windows7-x64

ccbcacb9d7...e3.xls

windows10-2004-x64

1

Sharing

General

Target

ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xlsx
Size

1.8MB
Sample

230206-3sab8abf5v
MD5

b7b547d017f9576698b464f93997b0ee
SHA1

0ae98a894517fb36cce84d023a7922cbec81ffad
SHA256

ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3
SHA512

b21f77fbd5c51b5f3763310dd693ab9be46bb958955179dc8b4ec3bbaba6357f44171b6ce041c4ba2814077d66d4e798febd1fb5de6a9d69b7b9a10ff1578474
SSDEEP

49152:oLK7B9ghkuJ1ae9a9guJ1E5aKjTbcobCl+nGiKQLdlz:YaShkwPYiwudjUjd1QHz

Score

10^/10

collection macro spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xls

Resource

win7-20221111-en

collection spyware stealer

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xls

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.sfivegroupe.com
Port:
587
Username:
malika.baraitame@sfivegroupe.com
Password:
S8YVh~75ZPC

Targets

- Target
  
  ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3.xlsx
- Size
  
  1.8MB
- MD5
  
  b7b547d017f9576698b464f93997b0ee
- SHA1
  
  0ae98a894517fb36cce84d023a7922cbec81ffad
- SHA256
  
  ccbcacb9d7c41706508c6518b5976d043b1d41624deb5ce5049eb1a6eb8192e3
- SHA512
  
  b21f77fbd5c51b5f3763310dd693ab9be46bb958955179dc8b4ec3bbaba6357f44171b6ce041c4ba2814077d66d4e798febd1fb5de6a9d69b7b9a10ff1578474
- SSDEEP
  
  49152:oLK7B9ghkuJ1ae9a9guJ1E5aKjTbcobCl+nGiKQLdlz:YaShkwPYiwudjUjd1QHz
Score

10^/10

collection spyware stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

© 2018-2024

Terms | Privacy