6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de

Analysis

max time kernel
87s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe
Size

2.2MB
MD5

599aa41fade39e06daf4cdc87bb78bd7
SHA1

2543857b275ea5c6d332ab279498a5b772bd2bd4
SHA256

6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de
SHA512

05f7e77066cc734258e86a6622e64606afe38e748bd2d6496ed236b64ca05f9df0a10c49ed2a10ea635677f233dc40ce3745dcee0f97a1e46a1693736ddccf2c
SSDEEP

24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtT:PBozBdhEV7q8bOQnIFWY+3Je0wr

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

21 ipinfo.io
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
21	ipinfo.io

C:\Users\Admin\AppData\Local\Temp\6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe
"C:\Users\Admin\AppData\Local\Temp\6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe"
1⤵
PID:1052

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_NL_{1877acc0-b1d5-11ed-8218-806e6f6e6963}_MdIo7krulr.zip
Filesize
4.0MB

MD5
47316285c362cb5ca19240fb833d7962

SHA1
dc1bcd73ff6712f7bbf9ea19e05fd9a1fe9c2207

SHA256
5ef2345f86925f40bc49dca64e101676654b68bf60d80ea23735525948920469

SHA512
b055d758a8e2ffbf0d6a149a4a9069c957bb7b3cfd4571a0e4a58415dbac3ccd7b88bbc9a1b50d82df1a65c70b84445eacdb6c68e5cf3ec9e4bc4362873a673e

Download Submit