caf8e784f7a32ab970dc20feb31848377f4705fd4c093a96123fcdd948be8e4a | Triage

Submit
Reports

Overview

overview

Static

static

5

15ab0a725f...10.exe

windows7-x64

15ab0a725f...10.exe

windows10-2004-x64

Sharing

General

Target

15ab0a725fb6a659909cc1faf2600910.exe
Size

512KB
Sample

240103-r2q6jsehej
MD5

15ab0a725fb6a659909cc1faf2600910
SHA1

c7522e69040c0780f297937cd7c70a91fa44fc3e
SHA256

caf8e784f7a32ab970dc20feb31848377f4705fd4c093a96123fcdd948be8e4a
SHA512

3adfc2caaa45030e8346c01e8b791f541fb4f663c82d7ea33d72dfa477f355cbc82fb9fa5bbbae857882668930a4615eba245ad2b34583d05cd4208815423412
SSDEEP

6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6W:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5r

Score

10^/10

evasion persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

15ab0a725fb6a659909cc1faf2600910.exe

Resource

win7-20231215-en

evasion persistence spyware stealer trojan

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

15ab0a725fb6a659909cc1faf2600910.exe

Resource

win10v2004-20231215-en

evasion persistence spyware stealer trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  15ab0a725fb6a659909cc1faf2600910.exe
- Size
  
  512KB
- MD5
  
  15ab0a725fb6a659909cc1faf2600910
- SHA1
  
  c7522e69040c0780f297937cd7c70a91fa44fc3e
- SHA256
  
  caf8e784f7a32ab970dc20feb31848377f4705fd4c093a96123fcdd948be8e4a
- SHA512
  
  3adfc2caaa45030e8346c01e8b791f541fb4f663c82d7ea33d72dfa477f355cbc82fb9fa5bbbae857882668930a4615eba245ad2b34583d05cd4208815423412
- SSDEEP
  
  6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6W:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5r
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy