General

  • Target

    6625bd4b26d018dde4f1727ad9cd66112375b01efe51216e002186e543aaf772

  • Size

    157.7MB

  • Sample

    231210-cj7cgsdaf6

  • MD5

    2f010a1eb3eb549502c640fdf068067b

  • SHA1

    d2dd90bfadff4ff0e73884f3e47132d1bc376f56

  • SHA256

    6625bd4b26d018dde4f1727ad9cd66112375b01efe51216e002186e543aaf772

  • SHA512

    c819470c209dae93c2dd7616aa342aa30dc2fabdfb8d0afb408cc9199424ef18765a7f269690ca3307291475a8c232b159b004208626f4991b71f0c3dc73dcc2

  • SSDEEP

    1572864:1Wajz7MJ2NMyKfflSuPtvKeh0ew1988ae7XRuiRU2b:oKQ2NMD9L1iyiRv

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks