e7df475c90b173430ea4bc85e2006a7e03b7ada50323c1e9fc6dc85d6265a18f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

App1234.exe
Size

4.0MB
Sample

231001-v7mxvscb8t
MD5

e8a7ed6986b1178188c27b9761f39762
SHA1

3693c63cbe3ca5812d69b6afc64aff27fcd486ba
SHA256

e7df475c90b173430ea4bc85e2006a7e03b7ada50323c1e9fc6dc85d6265a18f
SHA512

f561b04e9402ad93a2c43e3c2f3ac264c9f7dad7a133fc0bcb5d5f682d2f6c7e0935c1da3855840c834c63459b1566fd5cace8c0f438e883e489bbfc4663afea
SSDEEP

98304:B3CNpyBPtb7dRfe/HEkxUzTFDxbIVZNjn98ftpkHf:B2Itb7dRfe/HEeUzTXYbu7

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  App1234.exe
- Size
  
  4.0MB
- MD5
  
  e8a7ed6986b1178188c27b9761f39762
- SHA1
  
  3693c63cbe3ca5812d69b6afc64aff27fcd486ba
- SHA256
  
  e7df475c90b173430ea4bc85e2006a7e03b7ada50323c1e9fc6dc85d6265a18f
- SHA512
  
  f561b04e9402ad93a2c43e3c2f3ac264c9f7dad7a133fc0bcb5d5f682d2f6c7e0935c1da3855840c834c63459b1566fd5cace8c0f438e883e489bbfc4663afea
- SSDEEP
  
  98304:B3CNpyBPtb7dRfe/HEkxUzTFDxbIVZNjn98ftpkHf:B2Itb7dRfe/HEeUzTXYbu7
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2