Analysis
-
max time kernel
140s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
08-08-2023 19:59
Static task
static1
Behavioral task
behavioral1
Sample
download.exe
Resource
win7-20230712-en
General
-
Target
download.exe
-
Size
397KB
-
MD5
8f9de3ce238e237cc649d2db9fe890af
-
SHA1
b3fb0379b4e2679c0c1fa350b7962c2f54dd068b
-
SHA256
54ccee6fa601b22fc17e00f7bf48c9d33f103ea1d3ba6cc86986bfe19a624b4e
-
SHA512
3329c55fa753b0b8b80f4d2f2ca21319025237147a5359922aca806ca05f1e4c65c4fcae19df03bde9fdf170f4be177f025168338326d2f67f6d1711100bea3b
-
SSDEEP
6144:Wb7DLKaDVEjtEv1nOMIrPFEd/q+648/KfNdDyk2QRNIl0:ADLK2m+1nNAEh1zgk2h
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 15 api.ipify.org 16 api.ipify.org -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
download.exepid process 4548 download.exe 4548 download.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
download.exedescription pid process Token: SeDebugPrivilege 4548 download.exe