Analysis
max time kernel: 493s
max time network: 496s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-05-2023 03:38
Static task: static1
Behavioral task: behavioral1
Sample: 2a3942d213548573af8cb07c13547c0d52d1c3d72365276d6623b3951bd6d1b2.exe
Resource: win7-20230220-en
General
Target: 2a3942d213548573af8cb07c13547c0d52d1c3d72365276d6623b3951bd6d1b2.exe
Size: 2.2MB
MD5: 41948cd77a6cf817b77be426968a6ad3
SHA1: 7abc07e7f56fc27130f84d1c7935a0961bd58cb9
SHA256: 2a3942d213548573af8cb07c13547c0d52d1c3d72365276d6623b3951bd6d1b2
SHA512: 7b8265d773068f8fa7527106fa07ed9ac7378344617918ac5135ac8676ed109d717a8c7846232a5eb03ff40885d00e1672e624b3f3177359bdd56c748c59277d
SSDEEP: 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtQ:PBozBdhEV7q8bOQnIFWY+3Je0w4
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Looks up external IP address via web service (1 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  IoCs: flow 3, ipinfo.io
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
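Taken on its own, each of the behaviours listed above is also produced by legitimate software (installers read the Uninstall key, update agents resolve public IPs), so a host-side detection has to correlate them per process rather than alert on any single one. The block below is an added example, not part of this report or of any sandbox's own code: it scores constructed host telemetry against the four signatures the report raised. The event schema (pid, image, kind, target), the IP-lookup domains other than the observed ipinfo.io, and the browser-profile paths are assumptions made for the example.

```python
"""Correlate the four behaviours flagged in the sandbox report over host telemetry.

Added example, not the sandbox's own detection code. Assumed event schema:
dicts with keys pid, image, kind (registry | dns | file | device) and target.
The SAMPLE_EVENTS below are constructed, not captured from the sample.
"""
import re
from collections import defaultdict

# T1518-style discovery: enumeration under the Uninstall registry key (both views).
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)
# ipinfo.io is the service seen in this report; the others are assumed additions.
IP_LOOKUP_DOMAINS = {"ipinfo.io", "api.ipify.org", "icanhazip.com", "ifconfig.me"}
# Credential/cookie stores of Chromium- and Gecko-based browsers (assumed paths).
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Raw device opens of physical disks / optical drives.
PHYSICAL_DEVICE = re.compile(r"^\\\\\.\\(PhysicalDrive\d+|CdRom\d+)$", re.IGNORECASE)

PATTERN_RULES = {
    "registry": ("checks_installed_software", UNINSTALL_KEY),
    "file": ("reads_browser_data", BROWSER_DATA),
    "device": ("enumerates_physical_storage", PHYSICAL_DEVICE),
}


def classify_event(ev):
    """Return the signature name a single event triggers, or None."""
    kind, target = ev["kind"], ev["target"]
    if kind == "dns":
        # Normalise a trailing dot from FQDN-style query names.
        return "external_ip_lookup" if target.lower().rstrip(".") in IP_LOOKUP_DOMAINS else None
    rule = PATTERN_RULES.get(kind)
    if rule and rule[1].search(target):
        return rule[0]
    return None


def triage(events, threshold=3):
    """Group signature hits by pid; flag processes with >= threshold distinct signatures.

    A lone Uninstall-key read is normal (installers, inventory agents). The
    combination with an IP lookup and browser-store access is what marks a stealer.
    Returns a sorted list of (pid, image, [signatures]).
    """
    hits = defaultdict(set)
    images = {}
    for ev in events:
        sig = classify_event(ev)
        if sig:
            hits[ev["pid"]].add(sig)
            images[ev["pid"]] = ev["image"]
    return sorted(
        (pid, images[pid], sorted(sigs)) for pid, sigs in hits.items() if len(sigs) >= threshold
    )


SAMPLE_NAME = "2a3942d213548573af8cb07c13547c0d52d1c3d72365276d6623b3951bd6d1b2.exe"

# Constructed telemetry: pid 4242 mimics the report's sample, pid 1000 is a benign installer.
SAMPLE_EVENTS = [
    {"pid": 4242, "image": SAMPLE_NAME, "kind": "registry",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4242, "image": SAMPLE_NAME, "kind": "dns", "target": "ipinfo.io"},
    {"pid": 4242, "image": SAMPLE_NAME, "kind": "file",
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4242, "image": SAMPLE_NAME, "kind": "device", "target": r"\\.\PhysicalDrive0"},
    {"pid": 1000, "image": "setup.exe", "kind": "registry",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Example"},
    {"pid": 1000, "image": "setup.exe", "kind": "dns", "target": "update.example.com"},
]

if __name__ == "__main__":
    for pid, image, sigs in triage(SAMPLE_EVENTS):
        print(f"pid {pid} ({image}): {', '.join(sigs)}")
```

With the default threshold of three, only the process mimicking the sample is flagged; lowering the threshold to one also surfaces the installer's Uninstall-key read, which shows why the correlation step matters more than any individual pattern.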
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_NL_{5cebde14-b1a3-11ed-bd92-806e6f6e6963}_4R1KFeqPTi.zip
  Filesize: 2.6MB
  MD5: a1796174393463683b1a35f1f7b5c851
  SHA1: 5c6ece90094b6009e6b45fb677a82cb12c02c7f6
  SHA256: b115f047d2fc76adde73dbb4f50a6d8e6108d5cb317c647db270de288425161b
  SHA512: 1652698eb5e96f331f1bcc589a5c756406b384c95480dff16c1a3ae73a5d30d9b3bc1a4887669d731361cbfcbfbd830aed847326ae16caebd03b83b638b01346