5037054eee8cec87240f32e9595ab6a839d1a46520705334d58540851ad1fb2e | Triage

Resubmissions

12-02-2023 12:14

230212-pehvjsdc6x 7

12-02-2023 12:01

230212-n69a5sdc21 1

Sharing

General

Target

MSI_Library.com
Size

656.3MB
Sample

230212-pehvjsdc6x
MD5

f81abdd3a1d303969cc2984c7c8d2061
SHA1

9fd4cbef5fdfaf053776b07bd6816f56a72ae420
SHA256

5037054eee8cec87240f32e9595ab6a839d1a46520705334d58540851ad1fb2e
SHA512

6839f966a5fdcdff2fc4ad688edddfeab235b95b05f893affd933dc881e5dd8f4b26e1b611c1486ba26a4d9152aab03e8d9c0903808892bd691910f71f7b49fa
SSDEEP

6144:y+miE7EB2VoNqnvQNUF/+wsEFmC4Cejozv:miEvICvNF/+5MxAA

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  MSI_Library.com
- Size
  
  656.3MB
- MD5
  
  f81abdd3a1d303969cc2984c7c8d2061
- SHA1
  
  9fd4cbef5fdfaf053776b07bd6816f56a72ae420
- SHA256
  
  5037054eee8cec87240f32e9595ab6a839d1a46520705334d58540851ad1fb2e
- SHA512
  
  6839f966a5fdcdff2fc4ad688edddfeab235b95b05f893affd933dc881e5dd8f4b26e1b611c1486ba26a4d9152aab03e8d9c0903808892bd691910f71f7b49fa
- SSDEEP
  
  6144:y+miE7EB2VoNqnvQNUF/+wsEFmC4Cejozv:miEvICvNF/+5MxAA
Score

7^/10

spyware
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2