Overview

overview

10

Static

static

3

44b86bf042...a9.exe

windows7-x64

10

44b86bf042...a9.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    44b86bf0423e84aaa3930b25bf01a2a9

  • Size

    124KB

  • Sample

    240105-3m2vaacfem

  • MD5

    44b86bf0423e84aaa3930b25bf01a2a9

  • SHA1

    2bdf37db2e02f09061334c9081cc2ee92ff809c7

  • SHA256

    ec7e2d1b4f44c8609f7d3f1739147a2f4a332538357bdaeb782828abf18dc88f

  • SHA512

    082d798ea4310ff355a0611e3d0611e59bcfc4fda0b9139456dcf75b3e423260d03c3062c1fb911696899cccda4b21e32d4978dbd962b2706ca608ec1384f3a7

  • SSDEEP

    3072:v9hYL2lNz9Msq5IyGQJjWw7eKDR6CfzY0Vk9:lKL2Fq5IQdCKDR60k0Vk

Score
10/10
evasionpersistencespywarestealer

Malware Config

Targets

    • Target

      44b86bf0423e84aaa3930b25bf01a2a9

    • Size

      124KB

    • MD5

      44b86bf0423e84aaa3930b25bf01a2a9

    • SHA1

      2bdf37db2e02f09061334c9081cc2ee92ff809c7

    • SHA256

      ec7e2d1b4f44c8609f7d3f1739147a2f4a332538357bdaeb782828abf18dc88f

    • SHA512

      082d798ea4310ff355a0611e3d0611e59bcfc4fda0b9139456dcf75b3e423260d03c3062c1fb911696899cccda4b21e32d4978dbd962b2706ca608ec1384f3a7

    • SSDEEP

      3072:v9hYL2lNz9Msq5IyGQJjWw7eKDR6CfzY0Vk9:lKL2Fq5IQdCKDR60k0Vk

    Score
    10/10
    evasionpersistencespywarestealer

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Sets service image path in registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks