140b07f8fb020341f42c3814589dd544ad8425dfe4be03606cc8e3bdb68dcc67

Analysis

max time kernel
78s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2023, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.exe
Size

80.1MB
MD5

f9a9ee959166b3543d77ebbc9dd7c19c
SHA1

1f45ae9e152e345c833f69ea0409b182e1e6905c
SHA256

140b07f8fb020341f42c3814589dd544ad8425dfe4be03606cc8e3bdb68dcc67
SHA512

9639387e7b3abd0f3563e1c537098bb212907b6bc174e74e9edae4e6f1cbe3304c30a050bb880c63bdaa3ac78fd016eaa0b96f08ed9d354c75a0a57246b11eb2
SSDEEP

786432:FwcIvrihxcLLhFTN62uCcwTpH5OYY/I/o:FyrihSLVxNXvl0IA

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2852	sample.exe
2852	sample.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Loads dropped DLL
PID:2852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.nexe_natives\sqlite3\lib\binding\napi-v3-win32-x64\node_sqlite3.node

Filesize
1.4MB

MD5
56192831a7f808874207ba593f464415

SHA1
e0c18c72a62692d856da1f8988b0bc9c8088d2aa

SHA256
6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c

SHA512
c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\lib\binding\napi-v3-win32-x64\node_sqlite3.node

Filesize
1.4MB

MD5
56192831a7f808874207ba593f464415

SHA1
e0c18c72a62692d856da1f8988b0bc9c8088d2aa

SHA256
6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c

SHA512
c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\ignore-walk\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\node-pre-gyp\package.json

Filesize
2KB

MD5
c805601907d0fc526136632c0aba18d3

SHA1
72fbba26600697c82dc191709dd7d4b8721038ee

SHA256
b0d2a69729723be09eab6197cb5b566802b96d41f1badf4d526be1d7141fccb0

SHA512
739d2dad3dfbc4a08ae2063447d03c0d9a54d7b69039faa35cd39a4c1e11745fb0eee9c5e6f88a0718bcf11652a912b1512bef26d4e3f354844f7dc1ca123ecc

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\object-assign\license

Filesize
1KB

MD5
a12ebca0510a773644101a99a867d210

SHA1
0c94f137f6e0536db8cb2622a9dc84253b91b90c

SHA256
6fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c

SHA512
ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\tunnel-agent\LICENSE

Filesize
8KB

MD5
f3f8ead5440d1c311b45be065d135d90

SHA1
05979f0750cf5c2a17bd3aa12450849c151d8b7c

SHA256
d446a8c73d7bbe4872d6524b15ae206f9a2d7eb53f8c9cb6e6c893a43acc5276

SHA512
d52ead0329e9223dce3d54f83c9e8caab7974355c248e2e85a1a8aa3198af402507761c22bad31307ae3bda06528ed0b3487e9ac9f6a6c3c413e09a5acac915d

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\package.json

Filesize
3KB

MD5
6fc2ac3e58ea88eba8ef8c78257804e6

SHA1
92ce5c01712271f80aa85e2ba78c2e06791b4b1f

SHA256
1ee12a8175e8a1c842a9790de45777c7a253588a7f02e5f8c314ec0d75b90567

SHA512
85dbb253372ce1f61ea4bc8d1eed8b489808f6f2f39a1d4713e7618268bc1b328f7667bbbadf91502e41b54ee5f16bf85f377737b34d08e8971077d0059771c8

Download Submit
C:\Users\Admin\.nexe_natives\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
5a152897598d6ffc1912b124bf62f3b7

SHA1
f32c1866c88f43782ca16e66abdc2337fbe0bc10

SHA256
7a1f4c63eaae9853ddeb88ab3de9d5a36750e5e5e83c21f75bdff6c7c26ab7e8

SHA512
43d4f65c2f8bd1764a04d0c85a9b42ade28947621e5506fd48b41c84cb68d1bcb151df344e63a2e76ea55406e7d5ae8f4c8b295b00a71b98068b5da0c25b935c

Download Submit
C:\Users\Admin\.nexe_natives\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
5a152897598d6ffc1912b124bf62f3b7

SHA1
f32c1866c88f43782ca16e66abdc2337fbe0bc10

SHA256
7a1f4c63eaae9853ddeb88ab3de9d5a36750e5e5e83c21f75bdff6c7c26ab7e8

SHA512
43d4f65c2f8bd1764a04d0c85a9b42ade28947621e5506fd48b41c84cb68d1bcb151df344e63a2e76ea55406e7d5ae8f4c8b295b00a71b98068b5da0c25b935c

Download Submit