Analysis
-
max time kernel
42s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
30/12/2023, 10:43
Static task
static1
Behavioral task
behavioral1
Sample
164593a343e4b60a40553af11ee353a0.exe
Resource
win7-20231215-en
General
-
Target
164593a343e4b60a40553af11ee353a0.exe
-
Size
293KB
-
MD5
164593a343e4b60a40553af11ee353a0
-
SHA1
ac07dd26052ee07c9b0d6e821b4d0870d503396b
-
SHA256
7151d607b0888ced8ac61fdd59796b4ca0c9f2bb762776ec4e48bc851d35a720
-
SHA512
868d4d8a53cfd59211b016c05e5f4cec4639f1d2d65c7dfe231ff88e9052bfdb35153c1fb6fa562399f8de98b8978c3476f41a2390ee02875d4728621eb34dbf
-
SSDEEP
6144:Lu2urzh9xu/XkauJzgtRDzSUxp3zfydsrNBAFxSrYPLS/zd:Lutrzh9xOXkFSteUxBTy+7rUYd
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code (GeoID) configured in the registry, likely a geofence check.
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation
Process: 164593a343e4b60a40553af11ee353a0.exe -
Executes dropped EXE 1 IoCs
pid: 3256
Process: fitoprox30.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials and similar secrets.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description: PID 4312 wrote to memory of 3256 | pid: 4312 | Process: 164593a343e4b60a40553af11ee353a0.exe | procid_target: 90
description: PID 4312 wrote to memory of 3256 | pid: 4312 | Process: 164593a343e4b60a40553af11ee353a0.exe | procid_target: 90
description: PID 4312 wrote to memory of 3256 | pid: 4312 | Process: 164593a343e4b60a40553af11ee353a0.exe | procid_target: 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\164593a343e4b60a40553af11ee353a0.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\164593a343e4b60a40553af11ee353a0.exe"
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4312
    C:\Users\Admin\AppData\Local\Temp\fitoprox30.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\fitoprox30.exe"
    - Executes dropped EXE
    PID:3256
-
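The three behavioural signatures above (the Geo\Nation registry read, the dropped EXE executed from Temp, and the parent writing into its child's memory) are the kind of findings an analyst wants to re-derive from raw behaviour events rather than trust as labels. The script below is an added illustration for this report, not the sandbox vendor's code. Its event schema is constructed and hypothetical (it is not the sandbox's real JSON export); only the PIDs, paths and registry key are taken from the report. It also goes one step beyond the report by distinguishing a parent writing into a child it spawned from a write into an unrelated process, which is the classic injection pattern.

```python
"""Correlate raw sandbox behaviour events into the findings listed above.

Added illustration for this report; it is not the sandbox vendor's code.
The event schema is constructed and hypothetical (not the sandbox's real
JSON); only the PIDs, paths and registry key come from the report.
"""
import ntpath

# HKCU\Control Panel\International\Geo\Nation holds the user's GeoID as a
# decimal string (e.g. "244" for the United States). Reading it is a cheap
# way for a sample to decide whether to run at all.
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"

# Constructed sample events mirroring the Signatures/Processes sections.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4312, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\164593a343e4b60a40553af11ee353a0.exe"},
    {"type": "reg_query", "pid": 4312,
     "key": r"\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000"
            r"\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 4312,
     "path": r"C:\Users\Admin\AppData\Local\Temp\fitoprox30.exe"},
    {"type": "process_create", "pid": 3256, "ppid": 4312,
     "image": r"C:\Users\Admin\AppData\Local\Temp\fitoprox30.exe"},
    # the report lists the same write three times; keep all of them
    {"type": "write_process_memory", "pid": 4312, "target_pid": 3256},
    {"type": "write_process_memory", "pid": 4312, "target_pid": 3256},
    {"type": "write_process_memory", "pid": 4312, "target_pid": 3256},
]


def correlate(events):
    """Replay events in order and return {finding: [evidence, ...]}."""
    images = {}    # pid -> lower-cased image path
    parents = {}   # pid -> parent pid
    dropped = {}   # lower-cased path -> pid that wrote it during the run
    findings = {
        "geofence_check": [],              # pids that read Geo\Nation
        "executes_dropped_exe": [],        # (pid, image name, dropper pid)
        "parent_writes_child_memory": [],  # (writer pid, child pid)
        "cross_process_write": [],         # (writer pid, unrelated target pid)
    }
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            image = ev["image"].lower()
            images[ev["pid"]] = image
            parents[ev["pid"]] = ev["ppid"]
            # an image that was written earlier in this run is a dropped EXE
            if image in dropped:
                findings["executes_dropped_exe"].append(
                    (ev["pid"], ntpath.basename(ev["image"]), dropped[image]))
        elif kind == "reg_query":
            if ev["key"].lower().endswith(GEO_NATION_SUFFIX):
                findings["geofence_check"].append(ev["pid"])
        elif kind == "file_write":
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "write_process_memory":
            writer, target = ev["pid"], ev["target_pid"]
            if parents.get(target) == writer:
                # parent writing into a child it just spawned: sometimes
                # benign argument passing, but also the first step of
                # process hollowing, so still worth surfacing
                findings["parent_writes_child_memory"].append((writer, target))
            else:
                # writing into a process it did not create is injection
                findings["cross_process_write"].append((writer, target))
    return findings


if __name__ == "__main__":
    for name, evidence in correlate(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

Run against the constructed events, the script reproduces the report's three signatures and an empty cross-process list; feed it a write into a PID the writer did not spawn and that write lands in `cross_process_write` instead, which is the case that deserves a closer look in the memory dump.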
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
490KB
MD5
80ce87dc2a8b79f885fa02fe803265d6
SHA1
080cb49c018d4e266dfedf193b6e8ed9b3e8aba7
SHA256
a0404c184b0ad1697e1b63cc3fa44bd29d28823dadd88d20a02a0da43be92df1
SHA512
9a4cd7497be54c6f833cc6e9051b2c2f3e9565f46f6f521e7c1cae4cc5c21a69810abfcf75b9bd54fe3b5b240af7a07e03f2af5d06363c55bf7c66b600a2e539