General

  • Target: 1b0d62e6e34c0ae715e6fd8a6b1f5e62
  • Size: 604KB
  • Sample: 231230-rg54zahdg3
  • MD5: 1b0d62e6e34c0ae715e6fd8a6b1f5e62
  • SHA1: d71a655a979b1e8ef3c2d58912e73e835e2684d8
  • SHA256: 6078d554f9b00bf8c5f8c7ed3bcf57c61d9b8c89c08c304ec938e1a450011ffe
  • SHA512: 130b8ec29193c49bc0b1903816139cd2cde47016c6b1c958c65939114e9f58ed8364800df24d1e5ca4d0544358474e5eafadaa198bea4adfedc50281e52fc8e6
  • SSDEEP: 12288:NE9yhNVTkcvk5vb3gmSw/cH8jxb4VuowCsQjyg8aKRSbEh+r:NEuNVNGT4L24xKrOAh+r

Malware Config

Targets

    • Target: simplearchive.scr
    • Size: 712KB
    • MD5: 5e63fa00340326fecc1b3c7f942ccff1
    • SHA1: eaf739f71b25517bffc37966dd19cb256c7c93fe
    • SHA256: 21fe1a80e75c3392f448b3ad41935c5d6b55bc4366532a0a6eee46c1b4684491
    • SHA512: 1ace52b425a2a9e0d102ffc6d67469b87d640f758d35b7c999763faba6888dfec0a491786bd9e70837280542bd59cc8ccb3df4e0c64e6fcc8a77d770d489d85e
    • SSDEEP: 12288:SXmwRo+mv8QD4+0N469AoUleMoGlHNImbu7IT/4zp1nBgxmF+Jf9v189lS:SX48QE+U7AoxMowHNImbu7AAF1BgxmFO

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15