2bcd149d8bf5a28a67cc05da987911b409746a08460ab303394fd2938f125564

Analysis

max time kernel
97s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2023, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.exe
Size

82.5MB
MD5

5bf07c57a768efe067fe3918622a3920
SHA1

22b7e4e791175d9827ae21f3dc9cf6431f796ab9
SHA256

2bcd149d8bf5a28a67cc05da987911b409746a08460ab303394fd2938f125564
SHA512

caa4522c5f4477430f9c9e8ea5a7d4d12dca0d7bf84d67bd6f947572f4704044cc65b3f11b1031ae43c4986c6f1003d816e85038efa086b25aa8ff5d0396656e
SSDEEP

393216:v1LtM4NUw6ieanIWbB5Tmq6CQSQ+nu3IKcXkmZyGZYTMMA6tnzq1L7o3a9CcwTW+:v1TLq8pmftQIuCcwTpHhLQqaY/Io

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1772	sample.exe
1772	sample.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Loads dropped DLL
PID:1772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.nexe_natives\sqlite3\lib\binding\napi-v3-win32-x64\node_sqlite3.node

Filesize
1.4MB

MD5
56192831a7f808874207ba593f464415

SHA1
e0c18c72a62692d856da1f8988b0bc9c8088d2aa

SHA256
6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c

SHA512
c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\lib\binding\napi-v3-win32-x64\node_sqlite3.node

Filesize
1.4MB

MD5
56192831a7f808874207ba593f464415

SHA1
e0c18c72a62692d856da1f8988b0bc9c8088d2aa

SHA256
6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c

SHA512
c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\ignore-walk\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\node-pre-gyp\package.json

Filesize
2KB

MD5
c805601907d0fc526136632c0aba18d3

SHA1
72fbba26600697c82dc191709dd7d4b8721038ee

SHA256
b0d2a69729723be09eab6197cb5b566802b96d41f1badf4d526be1d7141fccb0

SHA512
739d2dad3dfbc4a08ae2063447d03c0d9a54d7b69039faa35cd39a4c1e11745fb0eee9c5e6f88a0718bcf11652a912b1512bef26d4e3f354844f7dc1ca123ecc

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\object-assign\license

Filesize
1KB

MD5
a12ebca0510a773644101a99a867d210

SHA1
0c94f137f6e0536db8cb2622a9dc84253b91b90c

SHA256
6fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c

SHA512
ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\node_modules\tunnel-agent\LICENSE

Filesize
8KB

MD5
f3f8ead5440d1c311b45be065d135d90

SHA1
05979f0750cf5c2a17bd3aa12450849c151d8b7c

SHA256
d446a8c73d7bbe4872d6524b15ae206f9a2d7eb53f8c9cb6e6c893a43acc5276

SHA512
d52ead0329e9223dce3d54f83c9e8caab7974355c248e2e85a1a8aa3198af402507761c22bad31307ae3bda06528ed0b3487e9ac9f6a6c3c413e09a5acac915d

Download Submit
C:\Users\Admin\.nexe_natives\sqlite3\package.json

Filesize
3KB

MD5
6fc2ac3e58ea88eba8ef8c78257804e6

SHA1
92ce5c01712271f80aa85e2ba78c2e06791b4b1f

SHA256
1ee12a8175e8a1c842a9790de45777c7a253588a7f02e5f8c314ec0d75b90567

SHA512
85dbb253372ce1f61ea4bc8d1eed8b489808f6f2f39a1d4713e7618268bc1b328f7667bbbadf91502e41b54ee5f16bf85f377737b34d08e8971077d0059771c8

Download Submit
C:\Users\Admin\.nexe_natives\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
d6da0e02ec3b47c8f1eaa6aae0d7c55d

SHA1
92d9276c2558d52d422dec2042c07bad5655fb4b

SHA256
fe408d3e1282e1a55686d3eddbd56a6c16dd410c8054fe97472cc34c72596372

SHA512
da29b2fbe4aaf33a5a101f8f2febabbdb44759dd66b31e44802679d051a553faa299dca25c3d120d43a20e430c481b91410da2c7f20f2f09a759489e03df02ee

Download Submit
C:\Users\Admin\.nexe_natives\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
d6da0e02ec3b47c8f1eaa6aae0d7c55d

SHA1
92d9276c2558d52d422dec2042c07bad5655fb4b

SHA256
fe408d3e1282e1a55686d3eddbd56a6c16dd410c8054fe97472cc34c72596372

SHA512
da29b2fbe4aaf33a5a101f8f2febabbdb44759dd66b31e44802679d051a553faa299dca25c3d120d43a20e430c481b91410da2c7f20f2f09a759489e03df02ee

Download Submit