Overview

overview

7

Static

static

3

copy 48592.exe

windows7-x64

7

copy 48592.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    copy 48592.exe

  • Size

    631KB

  • Sample

    230807-ekrpjadd43

  • MD5

    5fc52428ef2c6aab6ed40d1410ef6203

  • SHA1

    862370e9936fded7484924f7a916c38da4cbf81b

  • SHA256

    42f8cd40a497fc10b8be5ce4e4888b943a34ec854b72fe960c35cdea9b51a50a

  • SHA512

    41df291451b13a5f6088e287ad71f7ab979b2d045ddf9e566d96503c304278e059970ac3f5fbb42b4a539348859bf0fc1c36d7af6bd9bf86f2b7888165e5a629

  • SSDEEP

    12288:V9TBtNTDCzXVFDJjW5FXB9KYSwTl+p24VekT6vMIyVLplKe:DT3tDCzFFlq5RBfB+LekaSLpl

Score
7/10
spywarestealer

Malware Config

Targets

    • Target

      copy 48592.exe

    • Size

      631KB

    • MD5

      5fc52428ef2c6aab6ed40d1410ef6203

    • SHA1

      862370e9936fded7484924f7a916c38da4cbf81b

    • SHA256

      42f8cd40a497fc10b8be5ce4e4888b943a34ec854b72fe960c35cdea9b51a50a

    • SHA512

      41df291451b13a5f6088e287ad71f7ab979b2d045ddf9e566d96503c304278e059970ac3f5fbb42b4a539348859bf0fc1c36d7af6bd9bf86f2b7888165e5a629

    • SSDEEP

      12288:V9TBtNTDCzXVFDJjW5FXB9KYSwTl+p24VekT6vMIyVLplKe:DT3tDCzFFlq5RBfB+LekaSLpl

    Score
    7/10
    spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks