5772a906a31f122517d868725978155e36a49136ccf90f7a6e9d8423f86b5481 | Triage

Resubmissions

21/09/2023, 07:25

230921-h9ggmsgc45 7

21/09/2023, 07:15

230921-h3pvfagb35 8

Sharing

General

Target

PO.exe
Size

385KB
Sample

230921-h3pvfagb35
MD5

cb3189302cc617861bf7e82a97501db7
SHA1

e094abe55caf8ded3f3f9a9b0d26346589234750
SHA256

5772a906a31f122517d868725978155e36a49136ccf90f7a6e9d8423f86b5481
SHA512

34bafb7ff9117ea9875049648513079fb6f1eb1d39d3cc10edfa6ac2bf984b97fb4c83854d1d969f2e3c8f0122611f544f02aacff94c28b9a41ff87b06924d21
SSDEEP

12288:vYpG6CYyxy1mGMsvjRk/34gArcWlA2I5Vsn:vYpuxyOIy3bc7Qg

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  PO.exe
- Size
  
  385KB
- MD5
  
  cb3189302cc617861bf7e82a97501db7
- SHA1
  
  e094abe55caf8ded3f3f9a9b0d26346589234750
- SHA256
  
  5772a906a31f122517d868725978155e36a49136ccf90f7a6e9d8423f86b5481
- SHA512
  
  34bafb7ff9117ea9875049648513079fb6f1eb1d39d3cc10edfa6ac2bf984b97fb4c83854d1d969f2e3c8f0122611f544f02aacff94c28b9a41ff87b06924d21
- SSDEEP
  
  12288:vYpG6CYyxy1mGMsvjRk/34gArcWlA2I5Vsn:vYpuxyOIy3bc7Qg
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1