f1f5dcfc3ffd836a34d8c61bee9b797ab75e992f21842f3f75273604253b2a75 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c1dba5124792af1b2e652a240e5f4fc.exe
Size

361KB
Sample

230213-h3nx5sba6v
MD5

7c1dba5124792af1b2e652a240e5f4fc
SHA1

d493c6f0ad4608c0740f2d467e4eb99bba18523a
SHA256

f1f5dcfc3ffd836a34d8c61bee9b797ab75e992f21842f3f75273604253b2a75
SHA512

6e709fc64ed3683278ee0f0603dbda3d6ebb9523e056f7094d97c89cfddc6c60e4437bae2bbe221f214679ca313eec2157e1ef32b0c9b1d3157f43550cfedb9a
SSDEEP

6144:S8pfI9WK+yGvgzY1d6qGvGq3dwBEKuwlGl/9Cp2F9dEnn8ZF6ERa:SQvgseqNq3deEDJl/c2Fy

Score

6^/10

spyware

Malware Config

Targets

- Target
  
  7c1dba5124792af1b2e652a240e5f4fc.exe
- Size
  
  361KB
- MD5
  
  7c1dba5124792af1b2e652a240e5f4fc
- SHA1
  
  d493c6f0ad4608c0740f2d467e4eb99bba18523a
- SHA256
  
  f1f5dcfc3ffd836a34d8c61bee9b797ab75e992f21842f3f75273604253b2a75
- SHA512
  
  6e709fc64ed3683278ee0f0603dbda3d6ebb9523e056f7094d97c89cfddc6c60e4437bae2bbe221f214679ca313eec2157e1ef32b0c9b1d3157f43550cfedb9a
- SSDEEP
  
  6144:S8pfI9WK+yGvgzY1d6qGvGq3dwBEKuwlGl/9Cp2F9dEnn8ZF6ERa:SQvgseqNq3deEDJl/c2Fy
Score

6^/10

spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2