7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8

Analysis

max time kernel
1190s
max time network
1198s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
24-01-2024 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe
Size

15.4MB
MD5

48960927f906cbe23a79dc61ff0a2fea
SHA1

62ab60890776f8c0188253c61c59706ca5046950
SHA256

7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8
SHA512

3e2d0e487d9138eaedc0529f4c98cb96635886133ce3020af55175a3ca9e3d5bdf81dfcf5c89e54abc916cdf79cbc44c371ff6014f2fad1fd92c9b7c2d05afb4
SSDEEP

393216:bZnIdQ+TOgj/C5oo4162qc1kqzp99v93UUxRz:bjQScqwkqTp93UUxV

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1460	BraveBrowserSetup.exe
3788	dexket.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

GoLang User-Agent 10 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	71	Go-http-client/1.1
HTTP User-Agent header	2	Go-http-client/1.1
HTTP User-Agent header	21	Go-http-client/1.1
HTTP User-Agent header	67	Go-http-client/1.1
HTTP User-Agent header	69	Go-http-client/1.1
HTTP User-Agent header	70	Go-http-client/1.1
HTTP User-Agent header	11	Go-http-client/1.1
HTTP User-Agent header	13	Go-http-client/1.1
HTTP User-Agent header	34	Go-http-client/1.1
HTTP User-Agent header	35	Go-http-client/1.1

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe
1460	BraveBrowserSetup.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 1460	4872	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	74
PID 4872 wrote to memory of 1460	4872	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	74
PID 4872 wrote to memory of 3788	4872	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	75
PID 4872 wrote to memory of 3788	4872	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	75
PID 4872 wrote to memory of 3788	4872	7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe	75

C:\Users\Admin\AppData\Local\Temp\7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe
"C:\Users\Admin\AppData\Local\Temp\7829fd09ab10f4a1a2d5607d0aba69931d1b8ec68f1d95607af34ffaf80691b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Users\Admin\AppData\Local\Temp\dexket.exe
  "C:\Users\Admin\AppData\Local\Temp\dexket.exe"
  2⤵
  - Executes dropped EXE
  PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe

Filesize
553KB

MD5
6e060e3627aa34448ee0deb7cb80cd9b

SHA1
758de106ee2675348ed9f5781b683ea0777fbfb7

SHA256
e0a5e281f356e47dacfae0198f1fd6d2f253a6ae97237a77ee8648d4e6a08730

SHA512
736ef678b3480c235aa1d2359064af897d76b0ca623d1e5b3237598b048f5f5a0f120743dc11eda99540b94153f00f025db74349e8de8bdca3acf0f3425fc79f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe

Filesize
748KB

MD5
850b8e86b0585fcfc7ffb9ee685e7f3e

SHA1
f8fb2e2a32a8a70bcf52add86b47aebba0a8880d

SHA256
6bc054d2beb3c6924bf552814ce04e5cfb7c5c5f6e3500f80c9227d438cb81e3

SHA512
d6f4e6a8cbf440db89433d300e4da595cb73bd47c637d1d4b7a96286a1062b4a89d10e1103d6b4d32b70cfcee41ec8ed7fcf0d95ea62f73c6e6ea0cb53deeef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\dexket.exe

Filesize
352KB

MD5
09029f599a8b0e1a19db48416c114a94

SHA1
34346b809c9b13c82b3f609fc5d08306c1f905ca

SHA256
8e60925caf18080fb9640f9bd500fcc5107e2a2f13d705c6ffa8347c7352dc4a

SHA512
d9f7bfc2a6f051ee7bda6f0d4c56cba9c4e861cc7e05998c53d95c66413621c9823923c6f4078c109df9d874ec8c79876b964e8187c6652d0a3d783414fff9ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dexket.exe

Filesize
277KB

MD5
7666744c229ef4797afe2799fc9edf20

SHA1
58e63ad66a2daa39a557737c80d19e90cf6675ff

SHA256
f72d0552ed946f367bd8219bc60227f96fc5b46eada08bb232ff04107e672281

SHA512
0ed581ccc1bda7b3eb2fdf144acf6938b1ffc9ebb6b1f1cd70a002e364aa176a9dbf007166601f999eef0e5e5a777954e50e650478dd57b2a810123ff9f02a1f

Download Submit
memory/1460-6-0x000001ED4C980000-0x000001ED4CAB2000-memory.dmp

Filesize
1.2MB

Download
memory/1460-8-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-4-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-9-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-7-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-13-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-17-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-10-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/1460-34-0x00007FF77A6D0000-0x00007FF77AA36000-memory.dmp

Filesize
3.4MB

Download
memory/3788-49-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-66-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-18-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-19-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-20-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-21-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-22-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-23-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-35-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-37-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-38-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-41-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-42-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-43-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-47-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-15-0x0000000002080000-0x000000000240E000-memory.dmp

Filesize
3.6MB

Download
memory/3788-50-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-52-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-54-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-56-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-59-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-60-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-64-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-16-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-68-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-69-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-70-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-72-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-73-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-74-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-75-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-76-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-77-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-78-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-79-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-80-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-81-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-82-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-84-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-85-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-86-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-87-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-88-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-90-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-91-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download
memory/3788-92-0x0000000001360000-0x0000000001F4E000-memory.dmp

Filesize
11.9MB

Download