cead64a605e40cda42d2eabcb061b0726699711d8373fbb3687e230070a3c0f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RegeditOP.rar
Size

16.6MB
Sample

230902-x6hymafc31
MD5

24001e0487636fc085b55ca5f7c70179
SHA1

0f023befbc9213e9d0d247e570b61cd8656fc0bc
SHA256

cead64a605e40cda42d2eabcb061b0726699711d8373fbb3687e230070a3c0f7
SHA512

baa89db6584d6904bfd478d872287e06ff330b7a4baf68d343d072441f1175c2f3b9a9eb2d1e8ebdde45d0e75b92cb31535b8dbcca63405faf2991e032e0ebe7
SSDEEP

393216:0Z7f+te8AwsBRE2MKyrZOiu6G7KSXpZ0eT:0Z7mc8ARBRE21SZOrh7KYpZ0M

Score

8^/10

evasion pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  ActivatorRegedit.exe
- Size
  
  84.8MB
- MD5
  
  276cf9220f4c33cfe57cdaf2458b5e26
- SHA1
  
  2abffc27233ca94115390f639570900b601e6611
- SHA256
  
  7a2dd832428eac212d4ed5deb16c363bad4cb0e8dedec997608ac659da8c8134
- SHA512
  
  80d097cb5d8616741668efe03731b36824bb0c6f0b1b3c8c82f3d26edb9614fff0dd0c009def66a5774ec3c7447b6b96602276095953040e25ab3ba51db69650
- SSDEEP
  
  393216:xDnaAMl1ldQusl7QwfrAZYCuPJO8SegA4tQiW9V:x2AEldQu2QwMJux0zAsUV
Score

8^/10

evasion spyware stealer
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  potenciador.dll
- Size
  
  4.4MB
- MD5
  
  9cc2152319659e37869ea950b490317e
- SHA1
  
  9a6c019b9275d0c6e7ddd685d8bf17f42a437a97
- SHA256
  
  a004daad0a044c4b7d01ddd3687666ea12392413d5974553cc0bc19905cad3d0
- SHA512
  
  befcdc4c877705376009d45f39e040a92b2e8a5a4e6df29920fbe79039dddc37beb495c80d9f558e6ae33900487204f8abfb85425e7012ad7afcc753f0083370
- SSDEEP
  
  98304:bDyMhRzW5wUDu+5Fm6/9I12b5pFdrUfc6SSIYU0ixAwRl+gSiqJI:HvjzIwUDu+5Fm6/9Igb5pW1NIYGCY+M
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2