Analysis
-
max time kernel
90s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
05-07-2023 14:44
General
-
Target
032c9162d162aaexeexeexeex.exe
-
Size
32KB
-
MD5
032c9162d162aa7ea4fc3695cd8dc9e1
-
SHA1
4fd9de268f53d879495366aa477dadd22eabc1a4
-
SHA256
3596b46583f98813950cd42a7d661238962301ffa1145e34b127616a3075c3ec
-
SHA512
7c2bd46b0a633cb20c2a4617c102a26fb0dbc830809c8900f40edb5335a301e7f3d32542ea7422d56880d3f8cd2a8211bd7b9bb3d35d9cb7b5731924957a5475
-
SSDEEP
384:/qtPs5bv1NFartVH0Qw7ZubdQSsP+eZe4FzMgKZyIFWhyXHeU/x+Ha:0YL1NFartN0NIkvzMgKZ5WhyXH46
Malware Config
Extracted
C:\Users\Admin\3D Objects\README.txt
http://xijymvzq4zkyubfe.onion.to
http://xijymvzq4zkyubfe.onion.city
http://xijymvzq4zkyubfe.onion
Signatures
-
Drops startup file 4 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 30 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\Users\Admin\AppData\Local\Temp\032c9162d162aaexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\032c9162d162aaexeexeexeex.exe"1⤵
- Drops startup file
- Drops desktop.ini file(s)
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD56aebb9ad8b0b4abb9dd33f0cf541cd68
SHA1c8ed4b2aa6aa35db14ea3c9ec5d1b7ebf87eb3a2
SHA256d9f6fd9e045d5add8ec04201ee4714f9f7de8a041f14728d10cb6833e4739f94
SHA5129288c03418c7a1d2c02eab04f2b61fa4ccd4880d808405a12e9bd21a73ad14d523da23fe12f475ac00a825718544ec643d71a76e70f9fadc522ddca646175f18
-
Filesize
3.1MB
MD53c9d777dad1066ef08560f06756e9fd5
SHA177cd4cb6d28c25350d7c7623c500e16171fd0884
SHA25697d9ca046cae57c3b568bb614f9414837383dd90d56f82260faa5dec529be95a
SHA51242c3a0f24bd522cb8f757ed73740c92c55113584b3fe679a16862db9014cda72dafbfe3aeef0e0718e69b7e6611f08869dc38494fd00ad648751b53f7261a41a
-
Filesize
48B
MD56de5975699ad8bb9775197f0816fb254
SHA19d390c23eadb40578f44d925f3ecd4bb252c2085
SHA25608be9850c4f337b2bc33c719341f22740f09838afacf1768eb735e5ac92646f0
SHA5122288f1a20a61eda4023bc7ea270fc64691597bb38511b9b87115489d2865b4a0499a88b8a730ef511366ab64d2d8d89f26b031d0701e11ef739cf4dd60ab67d0
-
Filesize
48B
MD5d5b471c872cd4c6abc1a99f5dbcca107
SHA1fb9315c4241d5abae983b2a4486a9fc741c07aeb
SHA25634f39f15c2fed392b7f44de84196b04b51011cb80f7e56dc7761dbcbcfb7a3df
SHA51215f914ed65387e4743f95f47d8ac1134aaa9c68194cd96b58c01095a907dec6b5a97968675c417148da1ad897b1c7fae3f30fe4b22efbfd3aa9bb14f171217ae
-
Filesize
77KB
MD5b4966e195ca39f650cd6eec053b44622
SHA13ffc10046b6a7e98ae6eb851a9cc051e11a9f50e
SHA256b0645e36a6880c8ae26a09956c19a2d6f2177f0ac4750fe5bfaeda4477efb5a6
SHA5124c176bbc35ee9d0a27e38d0f2cdac402350cc490b622e784cbe128bfe9cb211607503b8774c48d29e175d8fc0aa5491fc177954de68c2e76f97849b8e6f154c5
-
Filesize
48KB
MD5c08b04c5fdf2b84bd16c125d17d825aa
SHA135dcbff4b0277396e4beea91982523f29bfdd62f
SHA256d4513cd9cb49be551bd2564c7b742921ff26ef58898a772d467392913f4e9e90
SHA512ed8f437cab4c69af1ef88fed8e8c4834f929b5567fbf0edb9bdc08a8015a55ca8f8062d1342181e6f3dea5333718e3dc772b0ef7168cb2baed9603dabc9fe609
-
Filesize
65KB
MD598e1a3703bed26f2a5c598b93c797352
SHA143fda598f6ae8a003bc7239aecb1bfe2aa77fa1d
SHA2561c1f1179fc8ed667de345d57ab482848a2aab1660d5b0a7fa6f8f231429f59fa
SHA512423980cd2a428d39799303fef3775668121e5f195e40ab6767c1fce5c2ac344ea2f008f8858525fc80bc0021cc7c8902bc291c8bd8c51cfc51bd5ad8b61da2b8
-
Filesize
75KB
MD579ac93b19f9b8121ee0c99d6030eb6ec
SHA1dd7ceacc52e0d3356dabf182915c7794c10418df
SHA2560a59d7f9d083112c7b2e8b3ee1c9458f613671ccb7b3ddae60e7359545f3dab1
SHA5126ef1bfd73b4ca6b882e1c695748bb301e12bf2aa94ae28bbe93d38be4421ad84373b22e72b94c01f9489822bed34c821c1f4c0ed281e16e4e3ebe1e4d9525808
-
Filesize
63KB
MD55bbec170e28840603f527f7e9bf1385c
SHA12d83a413b18b5bc3e8dd3a15e17b359a13a60146
SHA2567ebfe6a06b82326ddae61f25af9047201c52ec257fbd47efd7d9d48875b3bf0d
SHA51231ab11f5d4b34ba471970298e0fc6036905cc596e444e9eff5fe79364e07cf0d1720639804b0fa277442a4057d1d2d3ceca0e5c68671d7e51a77fc4e1ad859c8
