fe36ee5707daa891a4902579d1ef2a98d681bf50d87982a1a331432277924365 | Triage

Sharing

General

Target

djwa937rJ3uqReA.exe
Size

595KB
Sample

231014-b1n2ssbh75
MD5

672ec08e90c7379936773ee5fe3b0431
SHA1

a94b7be7b432942b59d4baeb546e8f038f52c290
SHA256

fe36ee5707daa891a4902579d1ef2a98d681bf50d87982a1a331432277924365
SHA512

7c9b8262c229a2dff2fc31bf3153226651546de7ec7714f4b32404f3ef6bd5dcfab7b7ea2e3736d57bef51f00df493af88896760560a1e0ade2fcd4102ba9814
SSDEEP

12288:ev2oj8FwLm/xXe6TfCUOHmPsdIlp8LCujucZ43OJxmxQlU2wFn:euoj8F64XeE9rl4CLs43YQWlU2wFn

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  djwa937rJ3uqReA.exe
- Size
  
  595KB
- MD5
  
  672ec08e90c7379936773ee5fe3b0431
- SHA1
  
  a94b7be7b432942b59d4baeb546e8f038f52c290
- SHA256
  
  fe36ee5707daa891a4902579d1ef2a98d681bf50d87982a1a331432277924365
- SHA512
  
  7c9b8262c229a2dff2fc31bf3153226651546de7ec7714f4b32404f3ef6bd5dcfab7b7ea2e3736d57bef51f00df493af88896760560a1e0ade2fcd4102ba9814
- SSDEEP
  
  12288:ev2oj8FwLm/xXe6TfCUOHmPsdIlp8LCujucZ43OJxmxQlU2wFn:euoj8F64XeE9rl4CLs43YQWlU2wFn
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2