3f72591433da80052971c43f28a8ab766f65f7218e00b1fcd9d525194cb12915 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

meme.exe
Size

556KB
Sample

230601-v4htqsfh7s
MD5

df2e01d107a2aa76ad98d67fd02bd6ea
SHA1

ba8251d27b64d807b7f0ffefad0d5c3f0335967f
SHA256

3f72591433da80052971c43f28a8ab766f65f7218e00b1fcd9d525194cb12915
SHA512

22cd0aa3bd5895589e4b9f5446acf62a8e86ae8b2d396f2e222fa7483f5c6f17adc33023b4b34957cd7b7bb6135782ba95827476247e50e1c888860c489c8762
SSDEEP

12288:UjOtvHMm5xQwtjAYV013LjlBfnP8rlo7hvb/aUicDoUsc:IOtT5xL8Z/PmKWGoUsc

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  meme.exe
- Size
  
  556KB
- MD5
  
  df2e01d107a2aa76ad98d67fd02bd6ea
- SHA1
  
  ba8251d27b64d807b7f0ffefad0d5c3f0335967f
- SHA256
  
  3f72591433da80052971c43f28a8ab766f65f7218e00b1fcd9d525194cb12915
- SHA512
  
  22cd0aa3bd5895589e4b9f5446acf62a8e86ae8b2d396f2e222fa7483f5c6f17adc33023b4b34957cd7b7bb6135782ba95827476247e50e1c888860c489c8762
- SSDEEP
  
  12288:UjOtvHMm5xQwtjAYV013LjlBfnP8rlo7hvb/aUicDoUsc:IOtT5xL8Z/PmKWGoUsc
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2