General

  • Target: 66cb83b03a810acbd9b08071efcfb055b272da2df721695fc22624c6bb6cadd6.zip
  • Size: 235KB
  • Sample: 230321-qq3jrscf51
  • MD5: f3e2b415e792a793ddcc1601195614e1
  • SHA1: 62ece0b0652dc84bee65106459f1c59adc231832
  • SHA256: 89255d063942a60daa949cffb0956c8d8cbeec9c25c190166ff8899754b0b5b4
  • SHA512: abc544227ab2030960a9d633c3d7e3728cfd674b2aeb6d4bfb1fe6c5c6a6abe1e9c751c88fd7f5e263677ce2ac7cd81dab17eb3dc27acffb9e72ae1bf6fd2ded
  • SSDEEP: 3072:ZJq8J0w6stlrlu28mS4uWGWzDecM5vNxcg0Yfx0Yv+JWBloPiUVdxbfMsXs1QEoG:DvJ0HwuLnWLDpMFQC505oDydmydmgMGc

Score
8/10

Malware Config

Targets

    • Target: 66cb83b03a810acbd9b08071efcfb055b272da2df721695fc22624c6bb6cadd6.exe
    • Size: 249KB
    • MD5: b3c87476205dddb0116e65ea556c0162
    • SHA1: 925aef2b8e7666f04fb06c2de30aae3445ee929f
    • SHA256: 66cb83b03a810acbd9b08071efcfb055b272da2df721695fc22624c6bb6cadd6
    • SHA512: 02d0f18bb0df1d5887682b13534d021614599dab3162c118522f3a30460d73d47644d1dfe24dca4c8b34006fe718c5b88a069e9e8eef464a951bd0a149c77cb3
    • SSDEEP: 6144:PYa6BCwFRtYQ88xkN8Q1UMbyBloNkxF5UDn+oNZdTM5:PYrrLtJ8I4xpNkxF5kn+IPA5

    Score
    8/10

    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely used as a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks