General

  • Target

    doenerium_snlyEAuB.exe

  • Size

    69.0MB

  • Sample

    230610-plfzjafa32

  • MD5

    872c60437702166ffa33b459f809a891

  • SHA1

    5335078016d34eb3397697e1f79841fafa91a666

  • SHA256

    4ee988a743b0068cbb61cd578b79992d9e9d758279163955733be4e54f6388f9

  • SHA512

    6907873957796b7a6ca314ac0617886637b12b0c007e6ba183a64913cef2d291f4fa6597b8c3807e62661b20dff3d1984b11df68acbab0b01c7787e84ab17ea8

  • SSDEEP

    1572864:gjddGvrzY8MlKJoveJtuMwk6NYUIh773vj49jh53ngX+37V40RzhF:YGvrkTEJove9wk6N/g7vjqH3zDF

Score
7/10

Malware Config

Targets

    • Target

      doenerium_snlyEAuB.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks