General

  • Target

    e741fb9d0eb11801dd163875479a8b56eff8ae5f3ca1987b996026f752693641.7z

  • Size

    64KB

  • Sample

    230604-rtpbzscd74

  • MD5

    bc6c297c00d8482ed2f0b123aa85f45d

  • SHA1

    adbbe4a0aa8b6aef91a319700c96352c41d14dc2

  • SHA256

    694ab49b3c24a79c24a5a4207dff4902df8f13dc4d43997398257152df6974cf

  • SHA512

    48ed19b9017d798e8d6969803b7e42a25a36d8ab5b72e5a1d9b5df88474756f51c99cbbd253b24ee9b711411e863421ee76be84435ea46a44e2fdde32c8793fb

  • SSDEEP

    1536:1JxUQlDfG1e2kzfGw0zL/CQFmLmgu4x7BYXkgusJwjPX86R:VlUcfGwSpFmLmdW7BQJwXL

Malware Config

Targets

    • Target

      e741fb9d0eb11801dd163875479a8b56eff8ae5f3ca1987b996026f752693641

    • Size

      320KB

    • MD5

      1359c6354ca6f617b36c738abdb993bb

    • SHA1

      b0c6aff2a1725520bf76755375c2900ccfb2f742

    • SHA256

      e741fb9d0eb11801dd163875479a8b56eff8ae5f3ca1987b996026f752693641

    • SHA512

      d6ae88baf601fac71f360ce7dcfd1f40fb9c0fb8eedf1f502924e52a3abe83e1e80f103a3afda4ac1ed316c1e5e8a23b26017b0c96164dc49f36e57b016b5473

    • SSDEEP

      3072:0OXQ2G+IpQZQne73qe8UzT+nWwXjDRJWwXjDRgjDRbL7oZC:7vGlpQE4qNUzCr

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks