2f7c6195415c8d32bbf266557f2e31b945204713487644c46328160d1e730337 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/12/2023, 01:47

Sharing

Report Analysis Logs

General

Target

gift_generator.exe
Size

558KB
MD5

b82df74ac1d74deb7fe4be8743cd7dfd
SHA1

00a41f31b66f1484607d60c61f0d57766c6d2ca7
SHA256

24c98fa7f3aa92fbb15b97556f870ffa0687d7aa29b8fbfd44cb520cc97130ca
SHA512

286c65029029d41558e25d9269b0dd00d88c2627c0dd45ab52a22a25869f8f6604ea4efe010f9a4f763380935e89faa7dea83a34d0e19f050b7f52fa67484235
SSDEEP

12288:vOuFiuVKNCjMlt3zaQujADveg/QChuZ2OdSkDOfFN/9vXLrE8nlZcxVJx:vgu4N3lhPujEveg/Nho2OdSkSfFN/tXc

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\gift_generator.exe
"C:\Users\Admin\AppData\Local\Temp\gift_generator.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{a8446353}.txt

Filesize
96KB

MD5
0bd7048b89df665f465414c2d18b5654

SHA1
5fc660a8ccd406062db0edad7f7661372a120a21

SHA256
40c6dc144615020bc6f4023a59ff4c2ab21ae00d27e1a37835bd1db1cd1d91c2

SHA512
99a5a53b00c1a00fcd0e58cc0a214aebcdba4933bf4c4edf0dd4e31517b48e6708c65a3943c837e8a728acca94329720f293ae4f792ce090ce4a7f724f2ddc32

Download Submit
C:\Users\Admin\AppData\Roaming\ptt1739864748\Main\forms.txt

Filesize
11B

MD5
fbf2b0ea6fdc6fe3148bd600729d5fac

SHA1
2c0aad6ae361763eddc2668a9493f434d6a972bd

SHA256
c794c993f1d9125029477df973401ae082c56b53f1d7e461258537aa7efc5797

SHA512
29547388d261c54a031e97f0beeaf3bba67949a4a178ab5df39091d7e8e8a66415bc1f9dabd518eb7ceb7c01868b124575c7a16e41ed4e180a9df872847e57fb

Download Submit