a572d3fb2024390e62114d93553732b2bc1ceb3402ee313fd38187aaf30a4c0e | Triage

Submit
Reports

Overview

overview

7

Static

static

3

8104ecb1b3...f4.exe

windows7-x64

7

8104ecb1b3...f4.exe

windows10-2004-x64

7

Sharing

General

Target

8104ecb1b303426f8aa3315947ce26f4.bin
Size

69.0MB
Sample

230702-b6k74abd6y
MD5

8104ecb1b303426f8aa3315947ce26f4
SHA1

75f88a304f398e160ebcb200b426f2c83ce0653c
SHA256

a572d3fb2024390e62114d93553732b2bc1ceb3402ee313fd38187aaf30a4c0e
SHA512

10ba1050f4e145889a156ac2a25d24a02392a37b14f80f1d42ad5234c74971d864a64372b7ca0b3f5bfab82b469a68c16661b963c6cbbc6071def91d9c419798
SSDEEP

1572864:sjddGvXzeL4x1RipJJBthhAQaRAVvhHUzqkbeIq6o3LuLCwCym0LN7:8GvXfgpJHzmQ++Z8qkbeIqz3LuOyLN7

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8104ecb1b303426f8aa3315947ce26f4.exe

Resource

win7-20230621-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

8104ecb1b303426f8aa3315947ce26f4.exe

Resource

win10v2004-20230621-en

spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  8104ecb1b303426f8aa3315947ce26f4.bin
- Size
  
  69.0MB
- MD5
  
  8104ecb1b303426f8aa3315947ce26f4
- SHA1
  
  75f88a304f398e160ebcb200b426f2c83ce0653c
- SHA256
  
  a572d3fb2024390e62114d93553732b2bc1ceb3402ee313fd38187aaf30a4c0e
- SHA512
  
  10ba1050f4e145889a156ac2a25d24a02392a37b14f80f1d42ad5234c74971d864a64372b7ca0b3f5bfab82b469a68c16661b963c6cbbc6071def91d9c419798
- SSDEEP
  
  1572864:sjddGvXzeL4x1RipJJBthhAQaRAVvhHUzqkbeIq6o3LuLCwCym0LN7:8GvXfgpJHzmQ++Z8qkbeIqz3LuOyLN7
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy