66a259bcc78e70b7f21c21825453729e353f7a39391b4194430b54712e570862 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

9998428d52...dd.exe

windows7-x64

7

9998428d52...dd.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

9998428d529fe1aee505e1a431b0dbdd.exe
Size

943KB
Sample

230803-js9mjadd3w
MD5

9998428d529fe1aee505e1a431b0dbdd
SHA1

165623133613e7c4be8d301d7e3a9f9b5312ff7c
SHA256

66a259bcc78e70b7f21c21825453729e353f7a39391b4194430b54712e570862
SHA512

3c631721211f8068075cbd3e5cbe038c7140b558294f1ae939c61a0ed901d17598ad3cd7a834b588748f0659f9d2082ed7c3dffac44635131c3989ea44358793
SSDEEP

12288:5EKaJjKy2pRwd5+1KhkuIv9HpCbHFEz4x1wT/Khkqvk2T+xGiv/l8uqpS:gKL45lX8HGH+0fe4kJ2Sl8u

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9998428d529fe1aee505e1a431b0dbdd.exe

Resource

win7-20230712-en

spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9998428d529fe1aee505e1a431b0dbdd.exe

Resource

win10v2004-20230703-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  9998428d529fe1aee505e1a431b0dbdd.exe
- Size
  
  943KB
- MD5
  
  9998428d529fe1aee505e1a431b0dbdd
- SHA1
  
  165623133613e7c4be8d301d7e3a9f9b5312ff7c
- SHA256
  
  66a259bcc78e70b7f21c21825453729e353f7a39391b4194430b54712e570862
- SHA512
  
  3c631721211f8068075cbd3e5cbe038c7140b558294f1ae939c61a0ed901d17598ad3cd7a834b588748f0659f9d2082ed7c3dffac44635131c3989ea44358793
- SSDEEP
  
  12288:5EKaJjKy2pRwd5+1KhkuIv9HpCbHFEz4x1wT/Khkqvk2T+xGiv/l8uqpS:gKL45lX8HGH+0fe4kJ2Sl8u
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy