26a2aaf00982484f0f18430765200df95540cab4dfc983e22370fab61d2d24a3 | Triage

Submit
Reports

Overview

overview

Static

static

3

c354243142...b8.exe

windows7-x64

7

c354243142...b8.exe

windows10-2004-x64

Sharing

General

Target

c354243142d98af51c361ddd0dcff2b8.bin
Size

70MB
Sample

231121-ddwjgabg29
MD5

c354243142d98af51c361ddd0dcff2b8
SHA1

b6b37167099f8103c24d5ed2b700e214cc1416bc
SHA256

26a2aaf00982484f0f18430765200df95540cab4dfc983e22370fab61d2d24a3
SHA512

09de5ece9f4467a5783c749df6af9121e0b79db8731b8ed094bbfffbd539f251f4fde324cbf6314fdcbf7b838c391bb4e4178d4047107a84be1bf3bd07e9000c
SSDEEP

1572864:34/4rzOchPPndUX6wMv4O/il6/MsLsBSEJ/10MwKztS4MmGY7:4kqcdPdUqjzi/sLsBd/VwR4MtY7

Score

10^/10

discovery evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c354243142d98af51c361ddd0dcff2b8.exe

Resource

win7-20231025-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c354243142d98af51c361ddd0dcff2b8.exe

Resource

win10v2004-20231020-en

discovery evasion spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://bit.ly/e0Mw9w

Targets

- Target
  
  c354243142d98af51c361ddd0dcff2b8.bin
- Size
  
  70MB
- MD5
  
  c354243142d98af51c361ddd0dcff2b8
- SHA1
  
  b6b37167099f8103c24d5ed2b700e214cc1416bc
- SHA256
  
  26a2aaf00982484f0f18430765200df95540cab4dfc983e22370fab61d2d24a3
- SHA512
  
  09de5ece9f4467a5783c749df6af9121e0b79db8731b8ed094bbfffbd539f251f4fde324cbf6314fdcbf7b838c391bb4e4178d4047107a84be1bf3bd07e9000c
- SSDEEP
  
  1572864:34/4rzOchPPndUX6wMv4O/il6/MsLsBSEJ/10MwKztS4MmGY7:4kqcdPdUqjzi/sLsBd/VwR4MtY7
Score

10^/10

discovery evasion spyware stealer
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionspywarestealer

© 2018-2023

Terms | Privacy