General

  • Target

    file.exe

  • Size

    111KB

  • Sample

    230306-sb6nzsch65

  • MD5

    5b45640a3bd4fdc32df75aa462f5a167

  • SHA1

    fdc2b61ca7b5c31ba48155d364b8797990e2eaee

  • SHA256

    2e53a6710f04dd84cfd3ac1874a2a61e690568405f192e7cbf8a4df12da334c4

  • SHA512

    3f3e86e14f0a09bafd374da2417452bc69741e14c2d4e1a4b208a94e1a2c9cd3a0c4336ec23e9b046bcad051aac8d6f05d4477cb516c3700b27f21e023106963

  • SSDEEP

    3072:lb4MOYUuQaS+T8sv8X31OjqOjNhOYRbxqH8QW2zCrAZuRs5:wYUuQaS+T8sv8X31OXN1bgl

Score
8/10

Malware Config

Targets

    • Target

      file.exe

    Score
    8/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      #   ID
  ---------------------  -----------------------------  --  -----
  Execution              Scheduled Task                 1   T1053
  Persistence            Scheduled Task                 1   T1053
  Privilege Escalation   Scheduled Task                 1   T1053
  Credential Access      Credentials in Files           1   T1081
  Discovery              Query Registry                 2   T1012
  Discovery              System Information Discovery   2   T1082
  Discovery              Process Discovery              1   T1057
  Collection             Data from Local System         1   T1005
  Command and Control    Web Service                    1   T1102

Tasks