Analysis
- max time kernel: 139s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20230824-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230824-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/08/2023, 12:39
- Static task: static1
General
- Target: c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330.exe
- Size: 588KB
- MD5: f27e401f211c1ec6b903b55223a36bf4
- SHA1: d6c7e39edb6cdbb393c84d31008ff9f131462903
- SHA256: c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330
- SHA512: 5bd3c33dd7bed7df79821710011b14401d39d09739f5fdc96b7404f0d484b83c39f05ffbb433402263689ad7b77bfcfb4d75f1d63c71a141aa031ab8a64e8e41
- SSDEEP: 12288:GcRgVbIT/aB78Y9aJkDmzvFLg46Lmor16:XRgV0nSSdL4LrrE
Malware Config
Signatures
- Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  pid: 2688
  Process: c42b0d200c2022fba3332dd1078cf1412ba37eb52bd74acf7edb4672b1d0f330.exe
  (all 20 IoCs report the same pid and process)