5dbae05b9df802a568834ba0c4fc6854cdb6a759d3c95b68dfcf97cc0ea5f614 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f0ef0e5643b003fcb2387b91a06d9bf.exe
Size

356KB
Sample

230305-16r33shf57
MD5

5f0ef0e5643b003fcb2387b91a06d9bf
SHA1

47ab45434c0721cf2b2bf400b70fde04b4b9cd99
SHA256

5dbae05b9df802a568834ba0c4fc6854cdb6a759d3c95b68dfcf97cc0ea5f614
SHA512

d771b39baf0b8cc8dcd345b0895147badf54846ff42ca6c49712c31a6b8a319fa244ace4f3302b1d3ff251a118c66fb8d0659da987c6c67b293d3f0c09439645
SSDEEP

3072:Owod8WUlNdgb3vy/iPYVjCS8l1JuFyAYWjGSxILUiIgdHMtgUfKKm6MiPD/Inwx7:Oww8BIdeguFGt77q+iPEnMd

Score

6^/10

spyware

Malware Config

Targets

- Target
  
  5f0ef0e5643b003fcb2387b91a06d9bf.exe
- Size
  
  356KB
- MD5
  
  5f0ef0e5643b003fcb2387b91a06d9bf
- SHA1
  
  47ab45434c0721cf2b2bf400b70fde04b4b9cd99
- SHA256
  
  5dbae05b9df802a568834ba0c4fc6854cdb6a759d3c95b68dfcf97cc0ea5f614
- SHA512
  
  d771b39baf0b8cc8dcd345b0895147badf54846ff42ca6c49712c31a6b8a319fa244ace4f3302b1d3ff251a118c66fb8d0659da987c6c67b293d3f0c09439645
- SSDEEP
  
  3072:Owod8WUlNdgb3vy/iPYVjCS8l1JuFyAYWjGSxILUiIgdHMtgUfKKm6MiPD/Inwx7:Oww8BIdeguFGt77q+iPEnMd
Score

6^/10

spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2