Analysis
max time kernel: 144s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 03:18
Behavioral task: behavioral1
Sample: 0cbaec184db92171467595be1f4ea6ad.exe
Resource: win7-20231215-en
General
Target: 0cbaec184db92171467595be1f4ea6ad.exe
Size: 6.4MB
MD5: 0cbaec184db92171467595be1f4ea6ad
SHA1: beda20dcfa59e3af13a66e19e9c9dda8ba0e1227
SHA256: a9e88a4c176a1ebf33183ee577dc11f968cac9e7745b6edaba3ad73fe647bf5d
SHA512: f8477ac2bd372dd79be814bc79b5791cc8b19b126a8a1839f451c03b5e40f21b1c949406b0c35bb365c342f254db307a9f01c670f7394b199524eabfded51ee6
SSDEEP: 196608:kqPkHCsXDjDyfvwKP5W3I6sKpPyOp6MFfc2p:lSCEDPKRW3I1KptxfB
Malware Config
Signatures
- Loads dropped DLL (13 IoCs)
  pid 1816, process 0cbaec184db92171467595be1f4ea6ad.exe (13 identical entries)
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 4: api.ipify.org
  flow 5: api.ipify.org
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 1384 wrote to memory of 1816, process 0cbaec184db92171467595be1f4ea6ad.exe, procid_target 89
  PID 1384 wrote to memory of 1816, process 0cbaec184db92171467595be1f4ea6ad.exe, procid_target 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\0cbaec184db92171467595be1f4ea6ad.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\0cbaec184db92171467595be1f4ea6ad.exe"
   PID: 1384
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\0cbaec184db92171467595be1f4ea6ad.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\0cbaec184db92171467595be1f4ea6ad.exe"
      PID: 1816
      - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads