Analysis
-
max time kernel
498s -
max time network
502s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
29-05-2023 03:39
General
-
Target
6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe
-
Size
2.2MB
-
MD5
599aa41fade39e06daf4cdc87bb78bd7
-
SHA1
2543857b275ea5c6d332ab279498a5b772bd2bd4
-
SHA256
6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de
-
SHA512
05f7e77066cc734258e86a6622e64606afe38e748bd2d6496ed236b64ca05f9df0a10c49ed2a10ea635677f233dc40ce3745dcee0f97a1e46a1693736ddccf2c
-
SSDEEP
24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtT:PBozBdhEV7q8bOQnIFWY+3Je0wr
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
C:\Users\Admin\AppData\Local\Temp\6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe"C:\Users\Admin\AppData\Local\Temp\6903b00a15eff9b494947896f222bd5b093a63aa1f340815823645fd57bd61de.exe"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD57ef0519ce9e0bb04808c88e53bfeca2c
SHA1a1de515118a784e91331ac374dee2f0965734f7f
SHA256abc8c95b80f72afbc7b80a5e6f3137d82617cf20f50bcd58cd6e8a59c8c26e0c
SHA5125038f293eb8010533d0b09aceef5f8777244538e3d4a3e557fe0aeeb0fe70acf7787821fe453f3ee60a49b84e6e68c33b47360d494ff531617d391079f2849d2