Overview

overview

7

Static

static

3

6903b00a15...de.exe

windows7-x64

1

6903b00a15...de.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    498s
  • max time network
    502s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-05-2023 03:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe

  • Size

    2.2MB

  • MD5

    599aa41fade39e06daf4cdc87bb78bd7

  • SHA1

    2543857b275ea5c6d332ab279498a5b772bd2bd4

  • SHA256

    6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de

  • SHA512

    05f7e77066cc734258e86a6622e64606afe38e748bd2d6496ed236b64ca05f9df0a10c49ed2a10ea635677f233dc40ce3745dcee0f97a1e46a1693736ddccf2c

  • SSDEEP

    24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtT:PBozBdhEV7q8bOQnIFWY+3Je0wr

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe
    "C:\Users\Admin\AppData\Local\Temp\6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe"
    1⤵
      PID:1228

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    1
    T1081

    Discovery

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_NL_{9e74baef-b191-11ed-b7c8-806e6f6e6963}_4B1q9Nl1R3.zip
      Filesize

      1.1MB

      MD5

      7ef0519ce9e0bb04808c88e53bfeca2c

      SHA1

      a1de515118a784e91331ac374dee2f0965734f7f

      SHA256

      abc8c95b80f72afbc7b80a5e6f3137d82617cf20f50bcd58cd6e8a59c8c26e0c

      SHA512

      5038f293eb8010533d0b09aceef5f8777244538e3d4a3e557fe0aeeb0fe70acf7787821fe453f3ee60a49b84e6e68c33b47360d494ff531617d391079f2849d2

      Download Submit