General

  • Target

    OIP.jpg

  • Size

    7KB

  • Sample

    230331-vvfysadc6s

  • MD5

    06bc69557e18382b0bcf57400359c5a1

  • SHA1

    468dc9de3758c0cfdb11ad73bca7487b88c8bd88

  • SHA256

    2c66a5590ccd9ef4ddd1b33fc5853c506fd3c19103605b16d503d59b8869b04e

  • SHA512

    4550f4d109b10cec10473e3ebfc3ef4a6f438b7475bd7cf200ed836a5ae20293b5146b9a938bd564001259a6cecb268e9d8e7be153012dcedc932317a2990f96

  • SSDEEP

    192:NB1p3wXrTMSKaY9hSJOTY4kcqcOKTY4xPTVJWN:NB1pWTtY9hSJOrhO5N

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks