45c78f2a12046e977a1c8ad51b8abb9884c75105be7b08d7d57bb9b1141616e9 | Triage

Resubmissions

06-01-2025 13:01

250106-p9jekaxkcx 10

13-10-2024 23:16

241013-289lkssepc 10

14-03-2023 17:05

230314-vl5ksagf73 7

14-03-2023 16:59

230314-vhej7agf56 7

Sharing

General

Target

thisIsScary.zip
Size

1.9MB
Sample

230314-vhej7agf56
MD5

88c51fc478baaf6b50f9b28ea7156502
SHA1

6f38df64064c049426ec6344c62d4adcbcf93c7e
SHA256

45c78f2a12046e977a1c8ad51b8abb9884c75105be7b08d7d57bb9b1141616e9
SHA512

d7ae38c3c9fd618c9017a3b66622443449e882a69562729ba48b798c5ba4e2647d6a11abec0d80365a8cd810c91b9bb2dc727d70609fd5a5f833c6bffecbee65
SSDEEP

49152:BJjkyScTybk5u1gfIjx2ZiJcExazuNZyOR9:nkPcTyqu1bFWGc+azu+g9

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  thisIsScary.exe
- Size
  
  746.2MB
- MD5
  
  f359144193a123071150ae6d7c998a2e
- SHA1
  
  f521e43219ec31925397cf358b0d965f0597ef5d
- SHA256
  
  4297e5866beebdedce1e28b89724a9853af982bc39988a38cf3c70db2a98c86a
- SHA512
  
  c577cc3ca0354acb1333ebeae9b4abd50c088a68fa3bcdd499404f38c8f05b79a3322972d3ff5a729fc89ad4b72f224173a16e8d7f22929f6f41b5b50369baba
- SSDEEP
  
  24576:3R49/r0wcuSm364suiUv9poYGOecJz/tzYUl8RvIGLlECdB8MIw+RY6ATLZFAgYq:A/Mm31/oLO/58qnRL6LW
Score

7^/10

spyware
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2