Overview

overview

8

Static

static

3

140000000....ry.exe

windows7-x64

3

140000000....ry.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    140000000.filehistory.exe

  • Size

    435KB

  • Sample

    230502-2k2aasch44

  • MD5

    d1a29ae7e04374c4dd68058e51c7d55d

  • SHA1

    23c3e319b1b301b00e52f950df00a9aa056f6cfd

  • SHA256

    d471be2737c03a4adc00e5cec0e55a785ae718429f5d946a296c899bafa2c83d

  • SHA512

    32ee15a2cbc897504efd45ba6d6e11355c069333ed31d0513957e2bad80ef8982f6c19e321cafc657c37b758d2b6735d6b5bdb26665cbbf34d266b65b7a88b87

  • SSDEEP

    12288:US/t30aR8Ot+MVYH9mJ8fxsZTPM8VzT121n:L/lj9a+B

Score
8/10
collectionevasionspywarestealer

Malware Config

Targets

    • Target

      140000000.filehistory.exe

    • Size

      435KB

    • MD5

      d1a29ae7e04374c4dd68058e51c7d55d

    • SHA1

      23c3e319b1b301b00e52f950df00a9aa056f6cfd

    • SHA256

      d471be2737c03a4adc00e5cec0e55a785ae718429f5d946a296c899bafa2c83d

    • SHA512

      32ee15a2cbc897504efd45ba6d6e11355c069333ed31d0513957e2bad80ef8982f6c19e321cafc657c37b758d2b6735d6b5bdb26665cbbf34d266b65b7a88b87

    • SSDEEP

      12288:US/t30aR8Ot+MVYH9mJ8fxsZTPM8VzT121n:L/lj9a+B

    Score
    8/10
    collectionevasionspywarestealer

    • Blocklisted process makes network request

    • Modifies Windows Firewall

      evasion

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks