b804b753be765e9449600bb7dd46f36cbaa2bc92e29fe62f4e4bde26a1a87ae3 | Triage

Sharing

General

Target

030bad2f855ca0f00316ddd0bd266bbb.exe
Size

96KB
Sample

240101-ytaxxshbcn
MD5

030bad2f855ca0f00316ddd0bd266bbb
SHA1

0576bf7d72f1e1e2e8e1ab60c3aa6e62d8b6f6e8
SHA256

b804b753be765e9449600bb7dd46f36cbaa2bc92e29fe62f4e4bde26a1a87ae3
SHA512

3343118d0daec3defcd823748fe3872666d3b14ddb99770f35bceaa6de18fdb94bcac267ad82beef7b9459181539390d4cdf1b97a8bb1601dc79eba09d2d1eba
SSDEEP

1536:ezDBda3hhnnFhrXzRGxfaBv7kqxgEEVa0:G9da3hhnFhrDu8vZue0

Score

10^/10

evasion persistence spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
darkwarrior

Targets

- Target
  
  030bad2f855ca0f00316ddd0bd266bbb.exe
- Size
  
  96KB
- MD5
  
  030bad2f855ca0f00316ddd0bd266bbb
- SHA1
  
  0576bf7d72f1e1e2e8e1ab60c3aa6e62d8b6f6e8
- SHA256
  
  b804b753be765e9449600bb7dd46f36cbaa2bc92e29fe62f4e4bde26a1a87ae3
- SHA512
  
  3343118d0daec3defcd823748fe3872666d3b14ddb99770f35bceaa6de18fdb94bcac267ad82beef7b9459181539390d4cdf1b97a8bb1601dc79eba09d2d1eba
- SSDEEP
  
  1536:ezDBda3hhnnFhrXzRGxfaBv7kqxgEEVa0:G9da3hhnFhrDu8vZue0
Score

10^/10

evasion persistence spyware stealer
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2

evasionpersistencespywarestealer