Analysis
max time kernel: 144s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-10-2023 07:06
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230831-en (windows7-x64)
6 signatures
150 seconds
General
Target: file.exe
Size: 202KB
MD5: 7b6d4016f4180dff9ec40c86c2c69dbd
SHA1: e01e23d4415e93791b604d7fead117e26dae6b11
SHA256: 144d095e75069c2f771b0a37583ab6877c58a53199b4b88e22696f2fb08c0254
SHA512: d8712e878ac8c220b5bffcf8195583ed0704d3822efbcb4fcd7a12ac03bd6705bc2c8fbc9d14c5aec5459ac94545dc869039d045521ef9829de39b77726b5097
SSDEEP: 3072:kHXH4mVoR3/izgbjT003F7IQOfvfflTUEoclMAvB5Zx5DB4:eY7R3nb300wXffJdWCL4
Malware Config
Extracted
Family: stealc
C2: http://jesseaustin.top
Attributes:
  url_path: /e9c345fc99a4e67e.php
  rc4.plain
Signatures

Downloads MZ/PE file

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.

description        ioc                                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      file.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  file.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid   Process
1480  file.exe
1480  file.exe