64db0ce4b48466deb70395bfe2763f916c2cf1f7e967a266dc42484a02c83c1c | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.27518.7766.exe
Size

664KB
Sample

230823-e38qrsbb91
MD5

9a4cca3a872d03c8793d559433e72b2d
SHA1

86e38150b982bec8452e447e7b5cea0d51a1281b
SHA256

64db0ce4b48466deb70395bfe2763f916c2cf1f7e967a266dc42484a02c83c1c
SHA512

1ea7250da41de8f9e3fd5d2d93dd507c7c996a0b21edbd95ffaf6f8081623854ff9dea9edd6e96a3181268b67689636dd6c89c7f6da609a6f669d1d5cc1b0019
SSDEEP

12288:VodG2d1mbT1w2esHoDXGOD6dQZuRghV98ZsJ9iMvCycVuHTv48:ekasIygHuyvoUTvX

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.27518.7766.exe
- Size
  
  664KB
- MD5
  
  9a4cca3a872d03c8793d559433e72b2d
- SHA1
  
  86e38150b982bec8452e447e7b5cea0d51a1281b
- SHA256
  
  64db0ce4b48466deb70395bfe2763f916c2cf1f7e967a266dc42484a02c83c1c
- SHA512
  
  1ea7250da41de8f9e3fd5d2d93dd507c7c996a0b21edbd95ffaf6f8081623854ff9dea9edd6e96a3181268b67689636dd6c89c7f6da609a6f669d1d5cc1b0019
- SSDEEP
  
  12288:VodG2d1mbT1w2esHoDXGOD6dQZuRghV98ZsJ9iMvCycVuHTv48:ekasIygHuyvoUTvX
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2