General

  • Target

    file

  • Size

    385KB

  • Sample

    230210-wvbjqsea4s

  • MD5

    dfd4a5fc7dc081d9e6a1af88f62b7d87

  • SHA1

    8189c986400e13d5ebd29d43e1ed26b3a5638022

  • SHA256

    f2a65ee9f937a7937fd4bb47a67a87f4c0619fabb192612837d020c9712f1533

  • SHA512

    6a13393e914f86fc5e800d069e1bb082e4da99a21531200eb46444f3da8b8ac079a4af945aa9c95bd859d4cc83452b288fd0ad944c548c465111521d83b1708a

  • SSDEEP

    6144:C60ylp0UilWqMz71lFGErL8uPQpunfW7J:C7WqMHZ8cnfW
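Before spending analysis time on a downloaded copy of this sample, confirm it is the file the report describes. The block below is an added example (not part of the sandbox report): it recomputes the four cryptographic digests listed above in one streaming pass and compares them against the reported values. The SSDEEP value is not recomputed here because fuzzy hashing needs the external ssdeep module; the reported size is used only as a coarse pre-filter since 385KB is a rounded figure.

```python
import hashlib
from typing import Dict, Iterable

# Digests exactly as listed in the report's General section.
REPORTED = {
    "md5": "dfd4a5fc7dc081d9e6a1af88f62b7d87",
    "sha1": "8189c986400e13d5ebd29d43e1ed26b3a5638022",
    "sha256": "f2a65ee9f937a7937fd4bb47a67a87f4c0619fabb192612837d020c9712f1533",
    "sha512": (
        "6a13393e914f86fc5e800d069e1bb082e4da99a21531200eb46444f3da8b8ac0"
        "79a4af945aa9c95bd859d4cc83452b288fd0ad944c548c465111521d83b1708a"
    ),
}
REPORTED_SIZE_KB = 385  # rounded in the report; only useful as a quick filter

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare(actual: Dict[str, str], expected: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match result; comparison is case-insensitive on hex digits."""
    return {name: actual[name].lower() == expected[name].lower() for name in ALGOS}


def is_reported_sample(actual: Dict[str, str], expected: Dict[str, str] = REPORTED) -> bool:
    """True only when every listed digest matches. A single mismatch means a
    different file (e.g. a repacked variant), not a partial match."""
    return all(compare(actual, expected).values())


def size_plausible(size_bytes: int, reported_kb: int = REPORTED_SIZE_KB) -> bool:
    """Coarse pre-check against the rounded size; allow one KB of rounding slack."""
    return abs(size_bytes / 1024 - reported_kb) <= 1


if __name__ == "__main__":
    import os
    import sys

    path = sys.argv[1]
    if not size_plausible(os.path.getsize(path)):
        print("size does not match the report; probably a different file")
    result = compare(digest_file(path))
    for name, ok in result.items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
    print("confirmed" if all(result.values()) else "NOT the reported sample")
```

Run it as `python verify_sample.py <file>`. Pivot on the SHA256 when searching other sources; MD5 and SHA1 are listed for legacy tooling only and should not be the sole identifier.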

Targets

    • Target

      file

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile stores, which hold saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the per-application entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart).
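The signatures above are sandbox behaviour flags; on a live host the same behaviours have to be recovered from endpoint telemetry. The block below is an added example (not part of the sandbox report, and not a real Sysmon schema): it runs simple rules for each listed behaviour over a constructed, Sysmon-like event stream with one suspicious process and one benign one. Field names (`pid`, `image`, `type`, `target`) and the browser, wallet and temp-directory path patterns are assumptions chosen for the example. The report's "Downloads MZ/PE file" flag is approximated by a PE written to a user-writable directory, since file content is not visible in this kind of telemetry.

```python
import re
from collections import defaultdict

# Constructed telemetry (not from the report). pid 4242 behaves like the sample;
# pid 1337 is explorer.exe doing a legitimate Uninstall-key lookup for an icon.
STEALER = r"C:\Users\alice\AppData\Local\Temp\update.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"pid": 4242, "image": STEALER, "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"pid": 4242, "image": STEALER, "type": "FileRead",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4242, "image": STEALER, "type": "FileRead",
     "target": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4242, "image": STEALER, "type": "FileCreate",
     "target": r"C:\Users\alice\AppData\Local\Temp\helper.dll"},
    {"pid": 4242, "image": STEALER, "type": "ImageLoad",
     "target": r"C:\Users\alice\AppData\Local\Temp\helper.dll"},
    {"pid": 4242, "image": STEALER, "type": "FileDelete", "target": STEALER},
    {"pid": 1337, "image": EXPLORER, "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayIcon"},
    {"pid": 1337, "image": EXPLORER, "type": "ImageLoad",
     "target": r"C:\Windows\System32\shell32.dll"},
]

# Path patterns are illustrative; extend them with the stores your fleet actually has.
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
BROWSER_STORE = re.compile(r"\\(Login Data|Web Data|Cookies|Local State|logins\.json|key4\.db)$", re.I)
WALLET_PATH = re.compile(r"(wallet\.dat$|\\Electrum\\wallets\\|\\Exodus\\exodus\.wallet\\|\\Ethereum\\keystore\\)", re.I)
USER_WRITABLE = re.compile(r"^C:\\(Users\\[^\\]+\\(AppData|Downloads)|ProgramData|Windows\\Temp)\\", re.I)
PE_EXT = re.compile(r"\.(exe|dll)$", re.I)


def classify(events):
    """Return {pid: {"image": str, "hits": set}}; hit names mirror the report's flags."""
    state = defaultdict(lambda: {"image": None, "hits": set(), "dropped": set()})
    for ev in events:
        p = state[ev["pid"]]
        p["image"] = ev["image"]
        kind, target = ev["type"], ev["target"]
        if kind == "RegistryQuery" and UNINSTALL_KEY.search(target):
            p["hits"].add("checks_installed_software")
        elif kind == "FileRead" and BROWSER_STORE.search(target):
            p["hits"].add("reads_browser_data")
        elif kind == "FileRead" and WALLET_PATH.search(target):
            p["hits"].add("accesses_wallets")
        elif kind == "FileCreate" and PE_EXT.search(target) and USER_WRITABLE.search(target):
            p["hits"].add("drops_pe_file")          # stand-in for "Downloads MZ/PE file"
            p["dropped"].add(target.lower())
        elif kind == "ImageLoad" and target.lower() in p["dropped"]:
            p["hits"].add("loads_dropped_dll")      # only DLLs this process itself wrote
        elif kind == "FileDelete" and target.lower() == ev["image"].lower():
            p["hits"].add("deletes_itself")         # process removing its own image
    return {pid: {"image": p["image"], "hits": p["hits"]} for pid, p in state.items()}


STRONG = {"reads_browser_data", "accesses_wallets", "deletes_itself"}


def is_suspicious(entry):
    """Uninstall-key reads alone are routine (installers, explorer, inventory agents),
    so require a credential-store, wallet or self-delete hit plus one other behaviour."""
    hits = entry["hits"]
    return bool(hits & STRONG) and len(hits) >= 2


if __name__ == "__main__":
    for pid, entry in classify(EVENTS).items():
        verdict = "SUSPICIOUS" if is_suspicious(entry) else "benign"
        print(f"{pid} {entry['image']}: {verdict} {sorted(entry['hits'])}")
```

The "loads dropped DLL" rule deliberately keys on files the same process created earlier rather than on any load from a temp directory, which keeps legitimate updaters that stage DLLs through other processes out of the hit set.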
