f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

8

Sharing

General

Target

f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3
Size

366KB
Sample

230610-ffcv9aec34
MD5

df3795e6842e839cf45e694b7164ee17
SHA1

7e4759a3f10adbea349df5be94c96cbf327e4ce7
SHA256

f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3
SHA512

769c3870e0733ec32180116f08afe31aeaf8d2a195c05ec4cf5c677d3be20a9a7c27f1001a17be3409de8a6e05207f07eb63be98eefa707030773152b2fd37f7
SSDEEP

6144:i1gh1VbPonZFGyykMuMn3ui8JLy74qbSIpHCbeIEnrTNx:i18OAyyk/23+JG74qbZikFx

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3.exe

Resource

win7-20230220-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3.exe

Resource

win10-20230220-en

spyware stealer

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Targets

- Target
  
  f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3
- Size
  
  366KB
- MD5
  
  df3795e6842e839cf45e694b7164ee17
- SHA1
  
  7e4759a3f10adbea349df5be94c96cbf327e4ce7
- SHA256
  
  f7b3caf96d26314be264310c3440d238a22205e841c3991b508a920ac430d4b3
- SHA512
  
  769c3870e0733ec32180116f08afe31aeaf8d2a195c05ec4cf5c677d3be20a9a7c27f1001a17be3409de8a6e05207f07eb63be98eefa707030773152b2fd37f7
- SSDEEP
  
  6144:i1gh1VbPonZFGyykMuMn3ui8JLy74qbSIpHCbeIEnrTNx:i18OAyyk/23+JG74qbZikFx
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy