45438e0d6a47a90beea24d4bb1d0a4387032a12a9b7d64b2e08986cbfb264406 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

conti/locker.exe

windows7-x64

7

conti/locker.exe

windows10-2004-x64

7

Resubmissions

11-03-2023 15:20

230311-sqvv2abh7w 7

11-03-2023 13:56

230311-q8tpksbf8y 10

Sharing

General

Target

Desktop.zip
Size

441KB
Sample

230311-sqvv2abh7w
MD5

9939ec0b4762cb5f5aef3116ec62763d
SHA1

b6571f2c205412d9c7b2cf0a5aabda448844b634
SHA256

45438e0d6a47a90beea24d4bb1d0a4387032a12a9b7d64b2e08986cbfb264406
SHA512

d3a1314e0f44de3f20aae125851173e36a704daf0fcf14327b1c9341059311c3174e5aad274f5cbad08e8b71bbdaa93f590f2480f5c3ec6b7d0fe2c546125a6f
SSDEEP

12288:FCK5maH/V4sBXIxzv1C0sSihBVW6CDg1K1on61UDhG:T7C5S072BlCk14on61kG

Score

7^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

conti/locker.exe

Resource

win7-20230220-en

persistence spyware stealer

windows7-x64

18 signatures

300 seconds

Behavioral task

behavioral2

Sample

conti/locker.exe

Resource

win10v2004-20230220-en

spyware stealer

windows10-2004-x64

7 signatures

300 seconds

Malware Config

Targets

- Target
  
  conti/locker.exe
- Size
  
  1.4MB
- MD5
  
  f9f2b0dca4ff4365b98599afb5c1e14e
- SHA1
  
  9cac04b31f29b81c89cfd840e160a1185768c699
- SHA256
  
  2b19e130390bf1a65c40a909a3dc5ce2af96d921d2bb4949724be9085e0abbe7
- SHA512
  
  52d586efaeea2e3350e08ce53b3b8fef63c4cd22eab757aa7d42a6534011d505ad14c39b59d70f45a17ed0035bc234fd0dffef209739a81cae8841b214d1308a
- SSDEEP
  
  12288:GZH7AAO2VRbDEsLC3L79iiauuxJ8QahIha4B7ByfdoiUriupSezaVm:GZH7Hc3L7yJGhIha4B1yfui8b2m
Score

7^/10

persistence spyware stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

© 2018-2024

Terms | Privacy