General

  • Target

    711204c7ad7aa94657f48fbbde87e37a.bin

  • Size

    164KB

  • Sample

    231127-cls8msdf7s

  • MD5

    040218d411932794497de661c91b6799

  • SHA1

    41e771951c2019365f7c64862c43cbaff85d5c5e

  • SHA256

    b849bce1d36e19445bcb62ba10cdfcb32292bf83c305e94a00bb224142c50499

  • SHA512

    612f3c8a9674857091bcc89934cc65bd52bef462976c7e607bdb7d946d34bcb8d1e8a9084e2b0db0c358613c15fdce1f01fb1261f6237c395f23eeb27a5a3c3f

  • SSDEEP

    3072:v0FU7DnVujbwRGPdh4cU8jLllRJqePpejSJydptRgSGxV2GtO:v0G7DnaoGPdh2gBZfpejSJyViK

Malware Config

Targets

    • Target

      33da86a999f82f99598ab1a10ba98010501249231229051d78d35b826526e99a.exe

    • Size

      311KB

    • MD5

      711204c7ad7aa94657f48fbbde87e37a

    • SHA1

      a8ff15875a09fed650e1afbf372f361d23a3ea03

    • SHA256

      33da86a999f82f99598ab1a10ba98010501249231229051d78d35b826526e99a

    • SHA512

      b1d78078bc20e0ff239ab653fa818b9eda79de7aee99bdeb39f5c876c2fe7d72434e078982080388c05699265379898223d08c4d06bb05ee344967eeb79a2bcd

    • SSDEEP

      3072:4k05xp3CUPWUEYd+PrbO0t9EX5JP0wnPiosfDr7ltI52AWf5XyBk3eFx/RIAB:N0F3jP3EYMPqX5F0mMX5c5

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
