General

  • Target

    tmp

  • Size

    901KB

  • Sample

    230327-esk7qadf2s

  • MD5

    03c74286887866a799f7cafdc096efda

  • SHA1

    60c04a4bb9c276fd69097698e56994e81aaafbdb

  • SHA256

    1159e2d483433bd5397e9a41dc4e8200fb927a6ca3192bb47eb6ae3a033ef94e

  • SHA512

    0e988d1016cd59e3dd13caf79281544dd23524f219bf21e4b8a7839740bdc4692fb8372622696094b8c7068997ce25c29c57d99817b001b0a90d0f99e2ed2ce8

  • SSDEEP

    12288:PDo2SUvKmqHBvJMbxnpvk6ZKJq0vsXuVYmVNYUId8kjLtOwu9T69I1VRn2L6FDh9:C+a5JMFnW+emqYmVNxQ269IHx2L6Fv

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks