Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
24/10/2023, 06:07
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231023-en
General
-
Target
file.exe
-
Size
176KB
-
MD5
9df35ee08d982c22a8e8bbac157f04e1
-
SHA1
d4ea6693ad91b8f5bd60189d52d734c223deac01
-
SHA256
04a6c4289f601c803614782d3399e7f8ad80f7e784b65ebae34fcc65d65bcac0
-
SHA512
49232549287baf9884b8201bc9d048c6fd2209c0f75cd23e16766e719692c055c8a926e412a494ce185fc9849947c2f10ab61a594ae75e18ea5d27c3e32eb692
-
SSDEEP
3072:/uBNaqxS6x6XUZEKmh3cB6xQE64iVn5susz+Fm0PrmY:6Eqo6x6XUZEKi3ckQX4s6/zLs
Malware Config
Extracted
stealc
http://wy�ttsebastian.top
-
url_path
/e9c345fc99a4e67e.php
Signatures
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 file.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString file.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4572 file.exe 4572 file.exe