Overview

overview

10

Static

static

1

MDE_File_S...23.zip

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MDE_File_Sample_a44674bb518d90a3bfdf290d47f6c656a2b203cf5ee461f064ed84388051b623.zip

  • Size

    1.7MB

  • Sample

    230822-jv45tsah62

  • MD5

    d1dac5204f0d745d1d23be20291e4b44

  • SHA1

    17740cbb7af9ab28707a5122ad083cf9d310756a

  • SHA256

    224782e18b75ded2def712c640cd8e30b6380d44ab1ab790bfe23641698e6395

  • SHA512

    15580711c0c16adcaf8d0671834a84bfd48143916dd32c0e130884c391cbb762689db6113a5aa2c3fd39528b340d2724154f763ddd6aff28765cc428deab0c56

  • SSDEEP

    49152:I7Hnv6yb9p4Oq48N3yUw1X7M7tuBudIkae:I7PFb9pBcizo5ue

Score
10/10
spyware

Malware Config

Targets

    • Target

      MDE_File_Sample_a44674bb518d90a3bfdf290d47f6c656a2b203cf5ee461f064ed84388051b623.zip

    • Size

      1.7MB

    • MD5

      d1dac5204f0d745d1d23be20291e4b44

    • SHA1

      17740cbb7af9ab28707a5122ad083cf9d310756a

    • SHA256

      224782e18b75ded2def712c640cd8e30b6380d44ab1ab790bfe23641698e6395

    • SHA512

      15580711c0c16adcaf8d0671834a84bfd48143916dd32c0e130884c391cbb762689db6113a5aa2c3fd39528b340d2724154f763ddd6aff28765cc428deab0c56

    • SSDEEP

      49152:I7Hnv6yb9p4Oq48N3yUw1X7M7tuBudIkae:I7PFb9pBcizo5ue

    Score
    10/10
    spyware

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks