3a107ff3822d7af29d41249ca2df4776a481b5f1bc8756e449896ff12e17105c | Triage

Resubmissions

08/10/2023, 14:50

231008-r7sxbsfe89 7

08/10/2023, 14:45

231008-r4rvvsdb9x 7

Sharing

Copy URL Twitter E-mail

General

Target

Cuville.exe
Size

67.2MB
Sample

231008-r4rvvsdb9x
MD5

3d2cf226adb8fcc6b235b11d518bb60b
SHA1

788c3a9abebe1fbca25b5f23bc01ff0f52b609fb
SHA256

3a107ff3822d7af29d41249ca2df4776a481b5f1bc8756e449896ff12e17105c
SHA512

39a1b50f742402cc46a61853d1888588727a6eeddafa89634a9c4593d1c2efec677628eeaab8ca30caa05a9d88231e2fea27391cfd4afb79c2bfc8fb22b60749
SSDEEP

1572864:4xF1s9gpdoqnR1fZOu/Yy/KAtkui9bTBBfnasCU:4xF1s+dbBIXyyAtviRy/U

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  Cuville.exe
- Size
  
  67.2MB
- MD5
  
  3d2cf226adb8fcc6b235b11d518bb60b
- SHA1
  
  788c3a9abebe1fbca25b5f23bc01ff0f52b609fb
- SHA256
  
  3a107ff3822d7af29d41249ca2df4776a481b5f1bc8756e449896ff12e17105c
- SHA512
  
  39a1b50f742402cc46a61853d1888588727a6eeddafa89634a9c4593d1c2efec677628eeaab8ca30caa05a9d88231e2fea27391cfd4afb79c2bfc8fb22b60749
- SSDEEP
  
  1572864:4xF1s9gpdoqnR1fZOu/Yy/KAtkui9bTBBfnasCU:4xF1s+dbBIXyyAtviRy/U
Score

7^/10

discovery spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Network Service Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer