Analysis
-
max time kernel
87s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
26-05-2023 08:32
Static task
static1
Behavioral task
behavioral1
Sample
6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe
Resource
win7-20230220-en
General
-
Target
6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe
-
Size
2.2MB
-
MD5
599aa41fade39e06daf4cdc87bb78bd7
-
SHA1
2543857b275ea5c6d332ab279498a5b772bd2bd4
-
SHA256
6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de
-
SHA512
05f7e77066cc734258e86a6622e64606afe38e748bd2d6496ed236b64ca05f9df0a10c49ed2a10ea635677f233dc40ce3745dcee0f97a1e46a1693736ddccf2c
-
SSDEEP
24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtT:PBozBdhEV7q8bOQnIFWY+3Je0wr
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 21 ipinfo.io -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_NL_{1877acc0-b1d5-11ed-8218-806e6f6e6963}_MdIo7krulr.zipFilesize
4.0MB
MD547316285c362cb5ca19240fb833d7962
SHA1dc1bcd73ff6712f7bbf9ea19e05fd9a1fe9c2207
SHA2565ef2345f86925f40bc49dca64e101676654b68bf60d80ea23735525948920469
SHA512b055d758a8e2ffbf0d6a149a4a9069c957bb7b3cfd4571a0e4a58415dbac3ccd7b88bbc9a1b50d82df1a65c70b84445eacdb6c68e5cf3ec9e4bc4362873a673e