Overview

overview

7

Static

static

1

version_v317.exe

windows7-x64

7

version_v317.exe

windows10-2004-x64

7

Resubmissions

21-03-2023 16:39

230321-t5zcfaea4y 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    version_v317.bin.zip

  • Size

    408KB

  • Sample

    230321-t5zcfaea4y

  • MD5

    1691d724ccf1bfb87db0f4d98c991816

  • SHA1

    91db18b4a23b8256b9c70e1eb703c1afbf5fa5d7

  • SHA256

    9a8dac8d56137fde3518444d5d2fc1a2047ca8818292cbd9f4d1474a049d626c

  • SHA512

    aca3fb92baae95370773c504ea4d2abba2e8248af3679d916b4bf09c788fcf7bec73b9529325216c7a416009e6c089eaa7a2a5490b8f6d761bb01982526c956a

  • SSDEEP

    12288:DNWRgosiDkrTwYBkA46EtSiE9nzxqCxEr:pcgop4rTw95tSiEhwWEr

Score
7/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      version_v317.bin

    • Size

      1.1MB

    • MD5

      a3379dd436b5eaf0aa9b347298491ceb

    • SHA1

      90c8b1db730f5d17a7bc04523564499c1b0e330f

    • SHA256

      e41280f90eb285ec8e429cf6e9a74df539ae78bcf6c210308f33857cc764042b

    • SHA512

      bb6b85c8ef5f572a301157328a3c14a2d4ccbf8e6d3e55a73406aca4c770da47559035dba36f2a1efb6a7b91ba5f6f9a5ceb3b73ad63730d3ffd7638729f5f6f

    • SSDEEP

      24576:C9ZoIWr9cVcQWbWqH2KwpJuMKgaFqAvg:HXqpJ4g

    Score
    7/10
    discoveryspywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks