06a452242cc77d0b97cbb86ea417bfb0fe967778aa4ea05a6d75917346616146 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Fiserv_SHI...2).exe

windows7-x64

1

Fiserv_SHI...2).exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

Fiserv_SHIP_RangerForCanonCR50_CR80_CRL1_4.9.4.5-2.1.1.1_RR_v2.2.2.1 (1) (2).exe
Size

64.7MB
Sample

230309-yf5kdahh87
MD5

39d4d92c11d007d07266f7c11e1d5020
SHA1

eb6ca74d21707daa986f56735e75165968093287
SHA256

06a452242cc77d0b97cbb86ea417bfb0fe967778aa4ea05a6d75917346616146
SHA512

c1bdf6989502c25ad818ae117cab266f77291d1188afd380e625ab15e6381ba2289649202f83adcf96223981404b70858932946da6ce7297d36c2f998b0fab3f
SSDEEP

1572864:KMmQ/Fs2h9fm35QwfRf67Z0+tGZfcvGuo0YRRH1FWmdF:KM73fm5fRfe60vGuQVFzd

Score

7^/10

discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Fiserv_SHIP_RangerForCanonCR50_CR80_CRL1_4.9.4.5-2.1.1.1_RR_v2.2.2.1 (1) (2).exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fiserv_SHIP_RangerForCanonCR50_CR80_CRL1_4.9.4.5-2.1.1.1_RR_v2.2.2.1 (1) (2).exe

Resource

win10v2004-20230220-en

discovery spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Fiserv_SHIP_RangerForCanonCR50_CR80_CRL1_4.9.4.5-2.1.1.1_RR_v2.2.2.1 (1) (2).exe
- Size
  
  64.7MB
- MD5
  
  39d4d92c11d007d07266f7c11e1d5020
- SHA1
  
  eb6ca74d21707daa986f56735e75165968093287
- SHA256
  
  06a452242cc77d0b97cbb86ea417bfb0fe967778aa4ea05a6d75917346616146
- SHA512
  
  c1bdf6989502c25ad818ae117cab266f77291d1188afd380e625ab15e6381ba2289649202f83adcf96223981404b70858932946da6ce7297d36c2f998b0fab3f
- SSDEEP
  
  1572864:KMmQ/Fs2h9fm35QwfRf67Z0+tGZfcvGuo0YRRH1FWmdF:KM73fm5fRfe60vGuQVFzd
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

© 2018-2025

Terms | Privacy