General

  • Target

    file.exe

  • Size

    696KB

  • Sample

    231013-f5e2xafa6t

  • MD5

    0991dbdc1c272fcb1bd7e665d14b2caf

  • SHA1

    8ade908e9cd9abf1e9f8e97fea76cc231ed84a47

  • SHA256

    4e39fb3fcbcd2a8c6063cd905142601cba90d7b657fe9cfce55641ffad87cb5c

  • SHA512

    43f2f4f264c448f0178bdef7d7018dda8d8de2481252b762cc2c75aac18aaf814cebf47589da9ec516fdab1f12ff9e3af2c3c29599f787c1ce726d772ea55802

  • SSDEEP

    12288:JcXEwUpbbWNn1ftDWyckLiKjYV9pEmNG/AwOHBN9F5Q5GJ6XRtCR8LzAZJuMmXbv:JHbYnRhWycQiK
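Before spending time on a sample pulled from a feed or share, confirm it is the same file this report describes. The following is an added example (not part of the report, and not the sandbox's own tooling): a single-pass verifier that computes MD5, SHA1, SHA256 and SHA512 of a local file and compares them with the report's values above. The `_write_temp` helper and the `b"abc"` input in the usage block are constructed for demonstration only; the SSDEEP value is not checked here because fuzzy hashing needs the separate ssdeep tool rather than the standard library.

```python
import hashlib
import os
import tempfile

# Hashes published in the report above for file.exe.
REPORT_HASHES = {
    "md5": "0991dbdc1c272fcb1bd7e665d14b2caf",
    "sha1": "8ade908e9cd9abf1e9f8e97fea76cc231ed84a47",
    "sha256": "4e39fb3fcbcd2a8c6063cd905142601cba90d7b657fe9cfce55641ffad87cb5c",
    "sha512": (
        "43f2f4f264c448f0178bdef7d7018dda8d8de2481252b762cc2c75aac18aaf81"
        "4cebf47589da9ec516fdab1f12ff9e3af2c3c29599f787c1ce726d772ea55802"
    ),
}


def digest_file(path, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a file in one streaming pass.

    Reading in chunks keeps memory flat for large samples and feeds every
    hasher from the same bytes, so the four digests cannot drift apart.
    """
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected=REPORT_HASHES):
    """Return (all_match, mismatches).

    mismatches maps algorithm -> (expected_hex, actual_hex) for every
    published digest that does not match; comparison is case-insensitive.
    """
    actual = digest_file(path)
    mismatches = {
        algo: (exp.lower(), actual[algo])
        for algo, exp in expected.items()
        if algo in actual and actual[algo] != exp.lower()
    }
    return (not mismatches, mismatches)


def _write_temp(data):
    """Constructed helper for the demo: write bytes to a temp file, return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Demo on a constructed file; replace with the real path of your copy of file.exe.
    demo_path = _write_temp(b"abc")
    ok, bad = verify_sample(demo_path)
    print("matches report:", ok)
    for algo, (exp, got) in bad.items():
        print(f"  {algo}: expected {exp}\n  {' ' * len(algo)}  got      {got}")
    os.remove(demo_path)
```

A mismatch on even one algorithm means you are not looking at the reported sample (a repacked or re-signed variant, a truncated download, or a different file entirely), so treat the behaviour list below as context rather than ground truth for that file.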

Malware Config

Targets

    • Target

      file.exe

    • Size

      696KB

    • MD5

      0991dbdc1c272fcb1bd7e665d14b2caf

    • SHA1

      8ade908e9cd9abf1e9f8e97fea76cc231ed84a47

    • SHA256

      4e39fb3fcbcd2a8c6063cd905142601cba90d7b657fe9cfce55641ffad87cb5c

    • SHA512

      43f2f4f264c448f0178bdef7d7018dda8d8de2481252b762cc2c75aac18aaf814cebf47589da9ec516fdab1f12ff9e3af2c3c29599f787c1ce726d772ea55802

    • SSDEEP

      12288:JcXEwUpbbWNn1ftDWyckLiKjYV9pEmNG/AwOHBN9F5Q5GJ6XRtCR8LzAZJuMmXbv:JHbYnRhWycQiK

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly harvest stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
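The signatures above are what a sandbox derives from the sample's registry, file and network activity. The block below is an added example, not the sandbox's own rules or code, showing how the same five behaviours can be expressed as detection logic over process-level telemetry. The event records are constructed for the demo and use a simplified schema (`kind`, `pid`, `target`) rather than any real log format; the list of IP-lookup hosts is an assumption, since the report does not name the service this sample used, and the Uninstall-key threshold of three distinct subkeys is a tuning choice, not a published value.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the report). pid 4012 plays the
# sample; pid 880 is benign noise that must not trigger anything.
SAMPLE_EVENTS = [
    {"kind": "registry_set",   "pid": 4012, "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"kind": "registry_query", "pid": 4012, "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "registry_query", "pid": 4012, "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1"},
    {"kind": "registry_query", "pid": 4012, "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180201F0}"},
    {"kind": "registry_query", "pid": 4012, "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "file_read",      "pid": 4012, "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_read",      "pid": 4012, "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k2j1x.default-release\logins.json"},
    {"kind": "dns_query",      "pid": 4012, "target": "api.ipify.org"},
    {"kind": "registry_query", "pid": 880,  "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "dns_query",      "pid": 880,  "target": "www.microsoft.com"},
]

# Persistence: a value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Software inventory: reads of the per-product Uninstall subkeys.
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
# Outlook profile store (Office 15/16 location and the legacy MAPI location).
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Outlook\\Profiles\\|\\Windows Messaging Subsystem\\Profiles", re.IGNORECASE
)
# Chromium and Firefox credential/cookie/history databases.
BROWSER_DATA_RE = re.compile(
    r"\\(Login Data|Cookies|Web Data|History|logins\.json|key4\.db|cookies\.sqlite|places\.sqlite)$",
    re.IGNORECASE,
)
# Assumed list of legitimate IP-lookup services; extend to match your telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.dyndns.org", "api.myip.com", "ip-api.com",
}
# A single Uninstall lookup is normal; walking several subkeys is enumeration.
UNINSTALL_ENUM_THRESHOLD = 3


def evaluate(events):
    """Map each pid to {signature_name: [evidence, ...]} for the rules above.

    Single-event rules fire immediately; the Uninstall rule aggregates distinct
    subkeys per process and fires only once the threshold is reached.
    """
    findings = defaultdict(lambda: defaultdict(list))
    uninstall_keys = defaultdict(set)
    for ev in events:
        kind, pid, target = ev["kind"], ev["pid"], ev["target"]
        if kind == "registry_set" and RUN_KEY_RE.search(target):
            findings[pid]["Adds Run key to start application"].append(target)
        elif kind == "registry_query" and UNINSTALL_RE.search(target):
            uninstall_keys[pid].add(target)
        elif kind == "registry_query" and OUTLOOK_PROFILE_RE.search(target):
            findings[pid]["Accesses Microsoft Outlook profiles"].append(target)
        elif kind == "file_read" and BROWSER_DATA_RE.search(target):
            findings[pid]["Reads user/profile data of web browsers"].append(target)
        elif kind == "dns_query" and target.lower() in IP_LOOKUP_HOSTS:
            findings[pid]["Looks up external IP address via web service"].append(target)
    for pid, keys in uninstall_keys.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            findings[pid]["Checks installed software on the system"].extend(sorted(keys))
    return {pid: dict(sigs) for pid, sigs in findings.items()}


if __name__ == "__main__":
    for pid, sigs in evaluate(SAMPLE_EVENTS).items():
        print(f"pid {pid}:")
        for name, evidence in sigs.items():
            print(f"  {name}")
            for item in evidence:
                print(f"    {item}")
```

Two caveats when moving this to real telemetry: standard Sysmon does not record registry reads or file reads, so the Uninstall, Outlook and browser-file rules need EDR or sandbox-level events rather than Sysmon alone, and the IP-lookup rule is only as good as its host list, so pair it with a DNS or proxy allow-list review rather than relying on the set above.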

MITRE ATT&CK Enterprise v15

Tasks