General

  • Target

    301caec2769daa002d3d7f6408d24afa564fa59edd2033cb2962649754837bff

  • Size

    158.0MB

  • Sample

    231204-by4z8sgd63

  • MD5

    66968df71661f2397a646e38348222b8

  • SHA1

    3489b89565130e064482249de5707fee3fe5673a

  • SHA256

    301caec2769daa002d3d7f6408d24afa564fa59edd2033cb2962649754837bff

  • SHA512

    66ea44ce5e87ca9599c9f4257f816eb58bd929800f55107b490ec2f0fcc32a95b4c5d2e90d2ac6b6878f38b51daca7529d877682719ee8918631b8a6c5fc382a

  • SSDEEP

    1572864:YWarxc6cX72VubK8xidgzvKeh0ew1988ae7XRuiRU2B:XbK8xiwiyiR1

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
