General

  • Target: 25ca19970d85b097583177e4a264c972.bin
  • Size: 1KB
  • Sample: 230316-hdem6shd83
  • MD5: af6862cd8e30ba9284c77437c5037f47
  • SHA1: aaa01f525642d3fe016d813f5fe703c7382bdbca
  • SHA256: 8fe6bb010741733611f4cb4c25184ef65fc8a6a780809f0a085cba163d32c604
  • SHA512: eec175cc2659dff9c2780c0538c5872746c616259dc9ccde57fe577fb024b0d2394e96c4b8e9efad9254600bd3c59addb1d742a991fc64912b0c22804ea04d9e

Malware Config

Targets

    • Target: e4103d5b4677f4a36c66e42426980065b160deba3acd2784650c49022a4483ef.lnk
    • Size: 3KB
    • MD5: 25ca19970d85b097583177e4a264c972
    • SHA1: c148a724aa47f59da5de818b9ed0eb4de1d0707b
    • SHA256: e4103d5b4677f4a36c66e42426980065b160deba3acd2784650c49022a4483ef
    • SHA512: ae151aaa483bf435e77ffec1d9604aa5083415bc63943778fdb38c7c57b66722ea4cafb6d0ec476d11c9347c4117e2933a638efcbcf75f27f2f07c8d0629ab74

    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Accesses Microsoft Outlook profiles
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks