General

  • Target

    2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab

  • Size

    11.5MB

  • Sample

    231127-wl7wksbd6t

  • MD5

    895255dbf64becb1fc11b1fddded15f1

  • SHA1

    769a4156afa9b547261c95df5dac0cdd2eff52e8

  • SHA256

    2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab

  • SHA512

    ef080f5c980aa77f6b451f5b73a05127955b849c59a479ebc5fdc8664a3c02d69291d923d2cfd836cb0e6e62b9680f039fa3bb38cc052af70c845660c97956ed

  • SSDEEP

    196608:Nssh0xGLeGRY+lk5f3YoHIELFT9mWPiJJBiabIvZfAxXWZeR8AOtvtrzc5r2oSPn:GokyeGWqkBhfmMibPbua7R8AsvJK2/Pn
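Before analysing a sample pulled from a sandbox, confirm the local copy matches the hashes the report publishes. The following is an added example, not part of the report or the sandbox's tooling; it uses only the Python standard library and assumes the sample has been downloaded to a local path. The expected values are the ones listed above. SSDEEP is not covered because it needs the third-party `ssdeep` binding.

```python
"""Verify a downloaded sample against the hashes published in a sandbox report.

Added example, not part of the report. It assumes the sample has been
downloaded to a local file and uses only the Python standard library.
"""
import hashlib
import sys
from pathlib import Path

# Values copied from the report's General section.
REPORT_HASHES = {
    "md5": "895255dbf64becb1fc11b1fddded15f1",
    "sha1": "769a4156afa9b547261c95df5dac0cdd2eff52e8",
    "sha256": "2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab",
    "sha512": "ef080f5c980aa77f6b451f5b73a05127955b849c59a479ebc5fdc8664a3c02d6"
              "9291d923d2cfd836cb0e6e62b9680f039fa3bb38cc052af70c845660c97956ed",
}


def digest_all(data: bytes, algos=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Compute every requested hash in a single streaming pass over the data."""
    hashers = {name: hashlib.new(name) for name in algos}
    view = memoryview(data)
    # 1 MiB chunks: an 11.5 MB sample is hashed four times without extra copies.
    for off in range(0, len(view), 1 << 20):
        chunk = view[off:off + (1 << 20)]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every algorithm that does not match.

    Comparison is case-insensitive; an empty dict means every listed hash matched.
    """
    actual = digest_all(data, tuple(expected))
    return {
        algo: (want, actual[algo])
        for algo, want in expected.items()
        if actual[algo] != want.lower()
    }


def verify_file(path: str, expected: dict = REPORT_HASHES) -> dict:
    """Hash a file on disk and compare it with the report; see verify_hashes()."""
    return verify_hashes(Path(path).read_bytes(), expected)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        mismatches = verify_file(sys.argv[1])
    else:
        # Constructed stand-in so the script runs without the sample present;
        # every hash is expected to mismatch here.
        mismatches = verify_hashes(b"not the sample", REPORT_HASHES)
    for algo, (want, got) in mismatches.items():
        print(f"{algo}: expected {want} got {got}")
    print("OK" if not mismatches else f"{len(mismatches)} mismatch(es)")
```

Run it as `python verify.py /path/to/sample.bin`. All four digests are checked rather than only SHA256 so that a report transcribed with one wrong field is caught; on a FIPS-restricted interpreter the MD5 constructor may refuse to run, in which case drop that key from `REPORT_HASHES`.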

Score
7/10

Malware Config

Targets

    • Target

      2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
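The five signatures above are behavioural: each fires when a particular pattern shows up in the sandbox's event trace. The following is an added example of how such matching works, not the sandbox's own signature engine. The event format, the browser and wallet path patterns, the list of IP-lookup hosts and the trace itself are all constructed for illustration; "dropped" is modelled the way the signature names imply, as a file the sample's process tree wrote and then executed or loaded.

```python
"""Re-derive the report's behavioural signatures from a sandbox event trace.

Added example, not the sandbox's signature engine. Event records, path
patterns, the IP-lookup host list and the trace below are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Set


@dataclass(frozen=True)
class Event:
    kind: str          # "file_write", "file_read", "process_create", "image_load", "http"
    pid: int           # process that performed the action
    target: str        # file path, or host name for "http"
    child_pid: int = 0 # for "process_create": pid of the new process


# Assumed indicators; a production engine carries far longer lists.
BROWSER_DATA = re.compile(
    r"\\(Login Data|Cookies|Web Data|Local State|logins\.json|key4\.db|cookies\.sqlite)$", re.I)
WALLET_DATA = re.compile(
    r"(\\wallet\.dat$|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore\\|\\Atomic\\Local Storage\\)", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}


def match_signatures(events: Iterable[Event], sample_pids: Set[int]) -> Set[str]:
    """Return the names of the signatures a trace satisfies.

    Only activity from the sample's process tree counts; children spawned by the
    sample join the tree. A path becomes "dropped" once the tree has written it,
    so an execute/load of a pre-existing system binary never triggers a hit.
    """
    tree = set(sample_pids)
    dropped: Set[str] = set()
    hits: Set[str] = set()
    for ev in events:
        if ev.pid not in tree:
            continue  # unrelated system activity captured in the same trace
        low = ev.target.lower()
        if ev.kind == "file_write":
            dropped.add(low)
        elif ev.kind == "process_create":
            if ev.child_pid:
                tree.add(ev.child_pid)
            if low in dropped and low.endswith(".exe"):
                hits.add("Executes dropped EXE")
        elif ev.kind == "image_load" and low in dropped and low.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif ev.kind == "file_read":
            if BROWSER_DATA.search(ev.target):
                hits.add("Reads user/profile data of web browsers")
            if WALLET_DATA.search(ev.target):
                hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif ev.kind == "http" and low in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
    return hits


SAMPLE_PID = 1234
# Constructed trace, not taken from the report.
TRACE = [
    Event("file_write", 1234, r"C:\Users\user\AppData\Local\Temp\nsy1A2B.tmp\helper.dll"),
    Event("file_write", 1234, r"C:\Users\user\AppData\Local\Temp\setup.exe"),
    Event("process_create", 1234, r"C:\Users\user\AppData\Local\Temp\setup.exe", child_pid=2048),
    Event("image_load", 2048, r"C:\Users\user\AppData\Local\Temp\nsy1A2B.tmp\helper.dll"),
    Event("file_read", 2048, r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file_read", 2048, r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    Event("http", 2048, "api.ipify.org"),
    # The browser's own process touching its cookie store must not count.
    Event("file_read", 777, r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
]

if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE, {SAMPLE_PID})):
        print("•", name)
```

The process-tree and write-before-execute bookkeeping is what separates "Executes dropped EXE" from ordinary process creation; a matcher that only looks at file extensions would flag every installer that launches `cmd.exe`. Pre-existing paths are therefore never reported, and the trace order matters: a load seen before the corresponding write is ignored.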

MITRE ATT&CK Enterprise v15

Tasks