3c21b05bcaa6c46f2ace60ecfad5966ba7079fea0ddd02f2037c016b53322786 | Triage

Sharing

General

Target

3c21b05bcaa6c46f2ace60ecfad5966ba7079fea0ddd02f2037c016b53322786_JC.exe
Size

1.9MB
Sample

231003-rhyraadc65
MD5

3fd3a5baf7672d10cc88b3bf9f7c9c34
SHA1

2200831ca36c593ac1ab41d12a73ee879185b196
SHA256

3c21b05bcaa6c46f2ace60ecfad5966ba7079fea0ddd02f2037c016b53322786
SHA512

fabc2b8c84d6ecaaad118f7ad3178ce789b005b103d96f4489f28e25f03bf27433d9a89b022ff04e65a960b04fc552eaa3794db646bb8ced851859d7cd6a186b
SSDEEP

24576:p7mDJX49Dz+Hj77A0nygsz1bOR7bIK9PtoX9H8LRCef9g9j3:p/9Dz+HLtnMIR7/tdHi

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  3c21b05bcaa6c46f2ace60ecfad5966ba7079fea0ddd02f2037c016b53322786_JC.exe
- Size
  
  1.9MB
- MD5
  
  3fd3a5baf7672d10cc88b3bf9f7c9c34
- SHA1
  
  2200831ca36c593ac1ab41d12a73ee879185b196
- SHA256
  
  3c21b05bcaa6c46f2ace60ecfad5966ba7079fea0ddd02f2037c016b53322786
- SHA512
  
  fabc2b8c84d6ecaaad118f7ad3178ce789b005b103d96f4489f28e25f03bf27433d9a89b022ff04e65a960b04fc552eaa3794db646bb8ced851859d7cd6a186b
- SSDEEP
  
  24576:p7mDJX49Dz+Hj77A0nygsz1bOR7bIK9PtoX9H8LRCef9g9j3:p/9Dz+HLtnMIR7/tdHi
Score

7^/10

spyware
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2