1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe
Size

4.1MB
MD5

21d41f2ea3685a369e70b4e866271d06
SHA1

0fca4538bee72428b3c23478b696c90f4d2ebefb
SHA256

1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375
SHA512

37afb1b9228bacf36587a2b5c77e6b611ee709756be0410ed135d21974fc67ffb147877dc4ee909a3dcbf729874ca81bb788944cb817ff9f583a4b13aeef2b71
SSDEEP

98304:iJAhsIKnv2lkxfvmeEfxkuy6sOTViWcimiEkxRSl7v3jullUNDDb+:iJWsFhtmejV6HT8wx63juHUNr

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1744	1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe
1744	1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe
1744	1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe
1744	1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe

C:\Users\Admin\AppData\Local\Temp\1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe
"C:\Users\Admin\AppData\Local\Temp\1bc5ebe5370f67ba1e850ecb4c4faf66103c606675d76df6e480785664d14375.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CentBrowser\User Data\Default\Bookmarks.tmp

Filesize
1KB

MD5
4f7c7875687d8f18c41ad33262c68e5c

SHA1
92ecd23e49191ea878043c68f4fa0aca16cbe8b4

SHA256
bdd5ec90043b7bd60bfbeab6906c3aa3785e84bb8a8b976d5e15598097917ac3

SHA512
0fbf7cf08bf3cc230575755e097c12d013bdfea908eb2e50fa6e196e60711578979e4757a4f4a2f361c4be691eb0e9415779b9322182d2ab99dd657e587cd3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\MyExt\defTool\gihmcpnnjcfkfocbedkoambhkkaimnij\manifest.json

Filesize
956B

MD5
8356111e91931b26ce9f45777fcebada

SHA1
723cdcc783d2f4e269697f192a92ed58bff6a20e

SHA256
bf226f280c503ba49803c53ab610b9c3eebd3afd1cf8d90782b418ce442b2ef9

SHA512
039bd3186f72d38ead67f5e0d9e9197ba297a4bf83922372b4c24becb375ed811c917e4f3e1b786a4acb34b4117cd45d759591398bf5249ec010ad19dc8edd51

Download Submit
C:\Users\Admin\AppData\Roaming\SogouExplorer\Favorite3.dat.tmp

Filesize
28KB

MD5
fb5100df7fbe757bdf68dbdabdd57bc2

SHA1
55095a3834f325c2c36abb257084b67ca471249f

SHA256
e3fbd974d12173f6c7b7446987855bf2a799bd6f0e76ffeaecc506b3a15e28a1

SHA512
26d7d1a5a7a2c6efdc3168fe3421a83be3e32ce9d53a8095e6805adc76607b7b2c08097ad589df524f743d487213c1f385627d044ab016cdf654edc4e3f23170

Download Submit
memory/1744-21-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1744-31-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1744-6-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1744-9-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1744-11-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1744-14-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1744-16-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1744-26-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1744-24-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1744-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1744-19-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1744-7-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1744-29-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1744-34-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1744-32-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1744-37-0x0000000077E70000-0x0000000077E71000-memory.dmp

Filesize
4KB

Download
memory/1744-36-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1744-3-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1744-5-0x00000000002C0000-0x0000000000BEF000-memory.dmp

Filesize
9.2MB

Download
memory/1744-2-0x00000000002C0000-0x0000000000BEF000-memory.dmp

Filesize
9.2MB

Download
memory/1744-217-0x00000000002C0000-0x0000000000BEF000-memory.dmp

Filesize
9.2MB

Download