60f9710d90abd5afa424c219ec72d9f957060373975e91b543e85594876f4a48 | Triage

Submit
Reports

Overview

overview

Static

static

3

5593569a8c...e0.exe

windows7-x64

5593569a8c...e0.exe

windows10-2004-x64

Resubmissions

05/06/2023, 16:19

230605-tsga4aab5s 10

05/06/2023, 12:37

230605-ptf99sgf35 10

Sharing

General

Target

cc8638cd86f89b6713993edca48e37e9.bin
Size

587KB
Sample

230605-tsga4aab5s
MD5

30b4235f130173ad81507618f103cb6a
SHA1

22e985f20f6de14a01928958506237b4183bc159
SHA256

60f9710d90abd5afa424c219ec72d9f957060373975e91b543e85594876f4a48
SHA512

880a72c4f088072457f5259a7c04d834e931f9d376a9b2d4a5fc36721a728de3d43ce772486929ce173fcd608a9ec9dde6dabff4a35ecc17653ef367c0e01635
SSDEEP

12288:qL5tJPC/5mOysyW8Iel0WoNeFTQ1xQq/UNrBZwHbRwsPc3qkPr:q0/5hyPVDoNQQPWrBSHtwT7

Score

10^/10

evasion infostealer_generic persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5593569a8cccb31bf93eaeee499c0af142d9c8ccf3b9169e6ddd24f7e81c95e0.exe

Resource

win7-20230220-en

evasion infostealer_generic persistence trojan

windows7-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

5593569a8cccb31bf93eaeee499c0af142d9c8ccf3b9169e6ddd24f7e81c95e0.exe

Resource

win10v2004-20230221-en

evasion infostealer_generic persistence spyware trojan

windows10-2004-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  5593569a8cccb31bf93eaeee499c0af142d9c8ccf3b9169e6ddd24f7e81c95e0.exe
- Size
  
  672KB
- MD5
  
  cc8638cd86f89b6713993edca48e37e9
- SHA1
  
  90b4da2d23d5df5d29f3a86e9f8383a435126213
- SHA256
  
  5593569a8cccb31bf93eaeee499c0af142d9c8ccf3b9169e6ddd24f7e81c95e0
- SHA512
  
  d9bceb56353ad4b4542fd1ce0237f3bd1b1542d3f7083b243dc1e435cad45f42aabd1a23e2db8c12db299b62ecce4db82a753e9458c6370354469e0b546281aa
- SSDEEP
  
  12288:lLYA9TJRcNEFAl/uqzFEqiPTriluFeutSfzoK6e5Zn7qBbQGyVoKMdW:lfJSy2u0EqiHilAeutSfzoK6gZgsCa
Score

10^/10

evasion infostealer_generic persistence trojan spyware
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Find unpacked information stealer based on possible SQL query to retrieve broswer data
  Detects infostealer.
  infostealer_generic
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasioninfostealer_genericpersistencetrojan

behavioral2

evasioninfostealer_genericpersistencespywaretrojan

© 2018-2025

Terms | Privacy