General

  • Target: d4e059b3ba56f1edf526994ed398b26fa08da40a45b7e45477dc581c90463bc6
  • Size: 38KB
  • Sample: 231011-r5nvlaea31
  • MD5: 86ed22a084612b80ca4a9ba995aad1f0
  • SHA1: f9c9f3331445195e0a6a28357dc94ad9549c9b19
  • SHA256: d4e059b3ba56f1edf526994ed398b26fa08da40a45b7e45477dc581c90463bc6
  • SHA512: b3f6c7a6538bd2059507ad1e86df2b7f6a38aaeb6c791b04e0e884f992cde1d2e06a1855c68445d969e7d56f999facd8a1a1836d9f0c39d12817fc8515319e7b
  • SSDEEP: 768:5cbmFuLZbBfNVUzsqcAHhlVhTxnuojKy8azKnHPB88f:mbhFSI8/VhdrefgKHPB8i

Malware Config

Targets

    • Target: ˮ.exe$
    • Size: 168KB
    • MD5: 0d4f0075a638fb64d6ac677d7241b054
    • SHA1: 17f0c28d98ec64bf21b530b3162cf6b7f0dce124
    • SHA256: 74eed4952ea3a1359196a090bc9dcd3659d93138893d4598af47b539075c5c72
    • SHA512: baa6647d70a12fab311afed654df038c8a227f89d192cd0c33753c9629bf04e3adbe05220aa4a009b5bb70af89035a429f0ceb17024744859cd8c27ce4bce669
    • SSDEEP: 1536:k840UmJc+IMPwYRco0Uqsul3i6EBXPsC+:kXbhQPfRco0gua+

    • Grants admin privileges
      Uses net.exe to modify the user's privileges.
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks