e0ab9cb803607ae567be2c05100b818c90f21161918ea5a55b999f88d0b99e94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pavan.exe
Size

212KB
Sample

230818-pshrpshe26
MD5

2d20910beb6db5471737edd427731dc9
SHA1

b2229dd6849b53ee2e2048460b3c876e19ecf4b1
SHA256

e0ab9cb803607ae567be2c05100b818c90f21161918ea5a55b999f88d0b99e94
SHA512

1a63a1abdc42ce8e60eae3fa4d0cc350b4f2324d608ac8806605281949c9875c8faa5ae7d2c39e64ea455d6ffd50ca574988edd0e919e97b4fda32dfad00c761
SSDEEP

3072:jFNLSeODpJpfYTCOoShKmECPTKBWFPkl6WQreEmUw69bqjD1JxQP:jFAUCOoSEmkWeILeE9w69bqHy

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  pavan.exe
- Size
  
  212KB
- MD5
  
  2d20910beb6db5471737edd427731dc9
- SHA1
  
  b2229dd6849b53ee2e2048460b3c876e19ecf4b1
- SHA256
  
  e0ab9cb803607ae567be2c05100b818c90f21161918ea5a55b999f88d0b99e94
- SHA512
  
  1a63a1abdc42ce8e60eae3fa4d0cc350b4f2324d608ac8806605281949c9875c8faa5ae7d2c39e64ea455d6ffd50ca574988edd0e919e97b4fda32dfad00c761
- SSDEEP
  
  3072:jFNLSeODpJpfYTCOoShKmECPTKBWFPkl6WQreEmUw69bqjD1JxQP:jFAUCOoSEmkWeILeE9w69bqHy
Score

7^/10

spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2