Overview

overview

7

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    677KB

  • Sample

    230919-khkfbshh88

  • MD5

    d6777b28b0ce787b1e5f82038e6df85c

  • SHA1

    8a2f0361790cff8a442127f396e5f12bfba5a20d

  • SHA256

    5f4e4d9502a04dbe80b03c7005b05197998b15f93a5198976b470284b113c8f3

  • SHA512

    5f2c79999b398471add5e6ae6cab04c555e400278eb9727500d9128de36a43768ccb1f724001a71863e64c8f7de4a9c3f93ce56a242917f1a59f07dff628d7e2

  • SSDEEP

    12288:pNYpPhOBcGwizu8t0N6BCpF7O8URXbTudwJ4bOSJ/Jdy2jygzOdMeNcHNmPzR/Xp:zwVipzBC

Score
7/10
collectiondiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      file.exe

    • Size

      677KB

    • MD5

      d6777b28b0ce787b1e5f82038e6df85c

    • SHA1

      8a2f0361790cff8a442127f396e5f12bfba5a20d

    • SHA256

      5f4e4d9502a04dbe80b03c7005b05197998b15f93a5198976b470284b113c8f3

    • SHA512

      5f2c79999b398471add5e6ae6cab04c555e400278eb9727500d9128de36a43768ccb1f724001a71863e64c8f7de4a9c3f93ce56a242917f1a59f07dff628d7e2

    • SSDEEP

      12288:pNYpPhOBcGwizu8t0N6BCpF7O8URXbTudwJ4bOSJ/Jdy2jygzOdMeNcHNmPzR/Xp:zwVipzBC

    Score
    7/10
    collectiondiscoverypersistencespywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks