108362642bb9fac45815b85a7020421d95f7c14496b502ebca0d39014be5dd01 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.html

windows10-1703-x64

8

Sharing

General

Target

sample
Size

735KB
Sample

230206-vysrrafa77
MD5

38bdfb6524cd50986edfd56767b0cbb7
SHA1

52ce42056d55ec46f9172bc06a6c9970eccc8205
SHA256

108362642bb9fac45815b85a7020421d95f7c14496b502ebca0d39014be5dd01
SHA512

7ee8c541bacfb5857b80afbb9c559b9eeb02745f90d22d3a58bc8ce17fcdcfecf83a85c6d4a0ee9a8ae314b8d3a66c7d64791d66d0b597384495c87047bf4876
SSDEEP

6144:XCMMxjMxbMx0MxHMxrMxmMxlMxxghm92KGh3xGGjPQUaUmsnIzwOyw2hWTkDMb7V:X9MhM1MSMNMxM4MHMXQ0b2g

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10-20220901-en

discovery persistence spyware stealer

windows10-1703-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  735KB
- MD5
  
  38bdfb6524cd50986edfd56767b0cbb7
- SHA1
  
  52ce42056d55ec46f9172bc06a6c9970eccc8205
- SHA256
  
  108362642bb9fac45815b85a7020421d95f7c14496b502ebca0d39014be5dd01
- SHA512
  
  7ee8c541bacfb5857b80afbb9c559b9eeb02745f90d22d3a58bc8ce17fcdcfecf83a85c6d4a0ee9a8ae314b8d3a66c7d64791d66d0b597384495c87047bf4876
- SSDEEP
  
  6144:XCMMxjMxbMx0MxHMxrMxmMxlMxxghm92KGh3xGGjPQUaUmsnIzwOyw2hWTkDMb7V:X9MhM1MSMNMxM4MHMXQ0b2g
Score

8^/10

discovery persistence spyware stealer
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy