General

  • Target

    hello.rar

  • Size

    1.7MB

  • Sample

    231010-qxr2lsfg82

  • MD5

    3d38892412c522526fe0f2bf1ca3030b

  • SHA1

    2df879abe7c71c9ff81ebc31868ee1be8818fc1b

  • SHA256

    cf46b9f8da20feff253d793a6a5c572aaaebba5809f9d35a6931426eb061585b

  • SHA512

    aad207eb5197c67d820e8d4692fdf086d81d39c23eb88f226b115f085bfeae535ebfd5f2d8a99e7ff7cabb7109e9cf8b05f75494f762dd4794b9ab1b3deae0e3

  • SSDEEP

    49152:sRImSUv+/FzsN0L1QHWb/I3m6y+KP4CvfkU+x:mImzWdzsmsWaw4+fwx

Score
9/10

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      1.9MB

    • MD5

      aad77527dc2ad2e9a2973b7b59a2c113

    • SHA1

      f773a2b50c3a859d7354d7306c850c3b4b19e673

    • SHA256

      a03dc25fdd0c2d81882988abf1b1f051a25b42bded5b1f960448037816e3160f

    • SHA512

      8a228f7fcbdf23fb0485b368e150b55ff9ab6a0e69e49a832369fd29834cc4b9a3f2282fd8b31bccc26773608d4ddf9a2c6fd265788891bc9020945fa216d3f3

    • SSDEEP

      49152:zzt+caQnwV3mq7PDtyqtCdwdypo0QMLc/sB3Bt:zzXsV3rPxHnA9QMQ/sB3H

    Score
    9/10

    • Nirsoft

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks