General

  • Target

    f80dbbc894d31cf00e29da54aaa40798bd53cbba4e4d2bbd244f28cefff1bf21

  • Size

    4.6MB

  • Sample

    231012-xeb11aaf83

  • MD5

    8575f3971c0dc62862417d9a40cfc04a

  • SHA1

    c0e54ad1c61f5eb37c72b3e2f9fc281ee7d3cd78

  • SHA256

    f80dbbc894d31cf00e29da54aaa40798bd53cbba4e4d2bbd244f28cefff1bf21

  • SHA512

    30d1ede15265b2f643deb02cd622a7d3c272bd332d98331ab635b9a54c5db70fe8fc6c003bf9ad860e41060c6231b004e40b94dc41b70e2f176018eb3056fa01

  • SSDEEP

    98304:jcOxoa2orK2t+GwVbqTUwgNFU60dfKdzOJDb4v+:HoZpNFU604wN0v+

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks