Analysis
-
max time kernel
148s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20231215-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
-
submitted
23-01-2024 01:28
Behavioral task
behavioral1
Sample
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Resource
win7-20231129-en
General
-
Target
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
-
Size
280KB
-
MD5
681457fa460dff885eef657f166d5ef8
-
SHA1
44cac83393e0d6d083f0f2ae064090e2478f715b
-
SHA256
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
-
SHA512
369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
-
SSDEEP
6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
48KB
MD5
98befa7052a255b88aa66b6503c09b53
SHA1
8b2443c7a8696646e1a79bc0b1585879490f7e8b
SHA256
6a631c42b4378fb6a73ac302ddcee0e4c1fd553d4f447cfbe670db5bd428ff7e
SHA512
6c3f236c63d0c5219b42da0e98b0c17d00b74b135efb585da3628438136a614d685dff99f637d8d082dff051f4bbbf0e0448813d44c2732a27e9a0de88151470
-
Filesize
1KB
MD5
2d094c1af69d172848a7f480f1af6f68
SHA1
59dbf9849800d64e1e598ab0f875b1219ea55b88
SHA256
69d97fb41ef136c995b9bb73ba45b96b63ae142211194941163ee505a6853c0b
SHA512
66714c891c3f5598e04f89acfe635b13702251cda82e5ae68cd061b0c9894f988a337ea347f4212e851a83bcd6df54d2207e55d5d392db9ba526c28316506c1b
-
Filesize
3KB
MD5
e24fed1ffa967f5128ebb49ef4d8aef1
SHA1
a2ad707f6da81e88f6df1284c9dcffb49762ccf8
SHA256
d722779316ac838fa7c33a0a4768754d632126f8dc9d7f57d57605c29a581d32
SHA512
52db06e170f914c234dd14af9fa9274309d725712533fb27d79ca3063846fe8eb916d0b8d90ced3be22b844e28d753f859a8c94aff39dde090cab01059a18810
-
Filesize
4KB
MD5
67c77e77a00a38d972bc107209bbb080
SHA1
f2b305b253db2ebefa5361b9510a0f311c59d424
SHA256
aa19330e6cce7f491ea10b28b04550366caaecd721299a1b4762902cae41f2d8
SHA512
359e7777b42a6c42aeb5b51fffcfba4fd7caf608722cb5b2c36d8ff849bdc6c0c764e8e1dbe76d901b75146160722f0c3f6983e192c9efcdeafcf15272a4bfc3
-
Filesize
54KB
MD5
b5e49f1fbd980dcfcae319727f1036ff
SHA1
67756731cceda77b955aa4a50675880c076038e9
SHA256
2f2cfae472ddab5d58efdad055875e671affa51be73565bd4995fce2e31adbd6
SHA512
2ea90083b24ed9abf940e8a7389c3b4ae93e47516e6f789fadafee293b26529767a1b266fb9deb471092ca6f526271485cf086a48a249d699689bd550e9b3b54