Overview

overview

10

Static

static

10

ShadowTag.exe

windows7-x64

7

ShadowTag.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ShadowTag.zip

  • Size

    13.0MB

  • Sample

    231130-m1jb4aah96

  • MD5

    f619e58dfa3cc27aa5185c8ced1aea8d

  • SHA1

    383e26a61c40f440ab8a4c3b4af50b54b5e4adb4

  • SHA256

    c15849eb63a3f5d12e6cd7542d032d21a5494780708fe9166bcedd08cacb9aad

  • SHA512

    65fd8a37c5aa4a6bbff93d26bb380746db9396e952bd05ed369b1ae6b72877dfd66be2be024016a25e00f7f0d1a0d58701267935dc350ed9e29d763f6f66e236

  • SSDEEP

    393216:XCGMf20Hu0iH767kQ1S71Y5dg7qvhPjoULWB:ef5ulH7OkQEP0JLWB

Score
10/10
crealstealerpyinstallerspywarestealer

Malware Config

Targets

    • Target

      ShadowTag.exe

    • Size

      13.2MB

    • MD5

      a64a50d764de2af1e198bfd517eec2f3

    • SHA1

      913b4cdc597642e4ac33e1a6526cd163f2bc29cb

    • SHA256

      4cbea24a8641dc763864ffe8a2d4ebfa3d7ea5eb7280a25edc0b2e3d4c6cdde3

    • SHA512

      efb92705d50713b06c208a308c0a8eee17c8b05c8622b0158c5974b89484739d2b48d96a860268d86afd5b51f715362542208a12b7e441c6d29d95d5ca3fa1a4

    • SSDEEP

      393216:BiIE7Yo9+4ucW+eGQRJ9jo7BGcGmY/dt1Wom2:u7r9+RcW+e5RJ9Mgpm2

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks