Triage | Malware sandboxing report by Hatching Triage

Submit
Reports

Overview

overview

Static

static

625ab7856c...04.exe

windows7-x64

7

625ab7856c...04.exe

windows10-2004-x64

7

Sharing

General

Target

27b17d2159cb2d376643dd6ecdd01224.bin
Size

1MB
Sample

230610-bh4drsdh47
MD5

805d43e800ad750f7342bbd3353d5141
SHA1

0b9b48736e78324b6acc6a739615cf6056d2f0ef
SHA256

602c04375f1378b01de4a69b923d786b58f4ea12c2e6847e48340d91f31a7e07
SHA512

0bff648ae5e4c668d2f356b07384e1d387b7f7a57c79aebf1190d203cfafb766ddee51c810a134d453abb95add12c9d6b95c057c2cd92cf87c2e95047ede2d7c
SSDEEP

49152:FiEhq9vAEOy+N6CuCbYNKWL9vhzF7vQens4D1B/wMe9VZ:G9I/VuGYNKWjx7QB4RSv

Score

10^/10

privateloader discovery spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

625ab7856c3c34a7be37ae4d7cc640a775dbea37bf5e81c0716de2d80aadfc04.exe

Resource

win7-20230220-en

discovery spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

625ab7856c3c34a7be37ae4d7cc640a775dbea37bf5e81c0716de2d80aadfc04.exe

Resource

win10v2004-20230220-en

discovery spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  625ab7856c3c34a7be37ae4d7cc640a775dbea37bf5e81c0716de2d80aadfc04.exe
- Size
  
  4MB
- MD5
  
  27b17d2159cb2d376643dd6ecdd01224
- SHA1
  
  05d53771c76bf429ca338c4baed199152d714ce4
- SHA256
  
  625ab7856c3c34a7be37ae4d7cc640a775dbea37bf5e81c0716de2d80aadfc04
- SHA512
  
  9c8477a063afee5e583f564c7e4b584e2c38474b4c5e31bbaa3eaa9e26bfd742ca85960bf5199d2f9b1a42da27265486038e0bc87bae6dab6cb57d8d2090defb
- SSDEEP
  
  98304:Rp4/OosDaj0aK9xjcpzxoUVKz/PD091ky+6yq/vXX7P7CbXIKc5zD6sILTjblMSN:Jz/W1kBefiLIKcosI3jhMSN
Score

7^/10

discovery spyware stealer
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2023

Terms | Privacy