76878fc185f99aebb7146795d744cfec798d73bb231e42be286cd259d4b5e597 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Arial.exe

windows10-1703-x64

7

Resubmissions

12-07-2023 10:27

230712-mg3lmacg75 7

12-07-2023 10:18

230712-mbzmsadg5w 7

Sharing

General

Target

MDE_File_Sample_d158f3cfb47665928c5d304495fa99050a9e4c5b8d54332d400eec78bd7f98b6.zip
Size

100KB
Sample

230712-mg3lmacg75
MD5

51322fc00ac2041d27ac502ffb19090a
SHA1

7a722505815c1a194d461e9dc80257e25c935ff6
SHA256

76878fc185f99aebb7146795d744cfec798d73bb231e42be286cd259d4b5e597
SHA512

11fd5bb61fb1672ef233ab117764b3a88c21104501d0d60d96dbfb2f7ab96c53e2adae5fb8d0f6b7faaac6af2923b1bc689d4dadfdd57d94a6b8a14c4d0268f6
SSDEEP

3072:dA5vK4AbzDwbQEKhuKLFIRjzARB/T5UzU/5Vb6ojz3N:a5vK4Av05KuR/ARB/T5V/5gojz3N

Score

7^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Arial.exe

Resource

win10-20230703-en

persistence spyware stealer

windows10-1703-x64

13 signatures

600 seconds

Malware Config

Targets

- Target
  
  Arial.exe
- Size
  
  204KB
- MD5
  
  0c0a3d01c45f66056d607bbad486b39b
- SHA1
  
  d96aa9b9fe3a0515d70f3e909f00c865dfc5821c
- SHA256
  
  d158f3cfb47665928c5d304495fa99050a9e4c5b8d54332d400eec78bd7f98b6
- SHA512
  
  76fcb32eb095ba719f8f532937641ce6d3e4918a559377dbe6f125c4aa9ad8ba0f390710efc912e2c19c59c2f03ce523e07b202e12014e634b5217c709fdf80e
- SSDEEP
  
  3072:1JqmvLa0w5DElSlF8Af4a3uG+07J4txJt:1JqmvLaNyWFzv+07J4Jt
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

© 2018-2024

Terms | Privacy