53fb66327411d80dc985b6434cea4da46016f33ac8f037f0845ba26000b9469d | Triage

Sharing

General

Target

crazydownsetup.exe
Size

66.0MB
Sample

230703-ez4bwaef87
MD5

901bab70e5880e6a62010b39ff9d7f40
SHA1

06f0b26ee99d0e69b497455e50d6095e93bce986
SHA256

53fb66327411d80dc985b6434cea4da46016f33ac8f037f0845ba26000b9469d
SHA512

4b8a1f23fbd2c65db9f644c10f07c1a6c8e369d808d1e1d8e62037b5b5af7fb9aa725d717802f91b63bbf513ed4c49c5e2d0ac553944797cf1b18dfc2c0e244e
SSDEEP

1572864:jKTTF20hk/n8chTPO8vJ4n1vy0XTDrz3m8gH3JAlNoRF7:OXF20hcn8chHuv7TD/2HXQNoj7

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  crazydownsetup.exe
- Size
  
  66.0MB
- MD5
  
  901bab70e5880e6a62010b39ff9d7f40
- SHA1
  
  06f0b26ee99d0e69b497455e50d6095e93bce986
- SHA256
  
  53fb66327411d80dc985b6434cea4da46016f33ac8f037f0845ba26000b9469d
- SHA512
  
  4b8a1f23fbd2c65db9f644c10f07c1a6c8e369d808d1e1d8e62037b5b5af7fb9aa725d717802f91b63bbf513ed4c49c5e2d0ac553944797cf1b18dfc2c0e244e
- SSDEEP
  
  1572864:jKTTF20hk/n8chTPO8vJ4n1vy0XTDrz3m8gH3JAlNoRF7:OXF20hcn8chHuv7TD/2HXQNoj7
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3