5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

N. de pedi...39.exe

windows7-x64

7

N. de pedi...39.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

N. de pedido Z21239.exe
Size

706KB
Sample

230817-w12m4sdf2z
MD5

3843399a36f9d39da02586a0603a9f23
SHA1

d34937bf8c1c34f6f0f18ce9c52ce847f03a2fd4
SHA256

5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99
SHA512

707a61512a21fc7cdf74252fc3dbfb271abd941d51c35e1442dce569fb1d48b9ba01068d3917749a9730c57c48bfa59b3f3885f3485b522f0da81af5b66b0c87
SSDEEP

12288:SF8utV/OpSCyJZyAWIZuEXUHBu5VzB2eaZQlb6V4Qp0behgmFWHXjNqU:Du6pbyXKBVVmbs405l5U

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

N. de pedido Z21239.exe

Resource

win7-20230712-en

spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

N. de pedido Z21239.exe

Resource

win10v2004-20230703-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  N. de pedido Z21239.exe
- Size
  
  706KB
- MD5
  
  3843399a36f9d39da02586a0603a9f23
- SHA1
  
  d34937bf8c1c34f6f0f18ce9c52ce847f03a2fd4
- SHA256
  
  5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99
- SHA512
  
  707a61512a21fc7cdf74252fc3dbfb271abd941d51c35e1442dce569fb1d48b9ba01068d3917749a9730c57c48bfa59b3f3885f3485b522f0da81af5b66b0c87
- SSDEEP
  
  12288:SF8utV/OpSCyJZyAWIZuEXUHBu5VzB2eaZQlb6V4Qp0behgmFWHXjNqU:Du6pbyXKBVVmbs405l5U
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy