Malware Analysis Report

2025-03-14 21:59

Sample ID 240127-f3r9fseaf9
Target 5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe
SHA256 25a71650ac89b1b9bb43a8b879243688df40b95ab5a47b6676d818fe471695c3
Tags
easystealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

25a71650ac89b1b9bb43a8b879243688df40b95ab5a47b6676d818fe471695c3

Threat Level: Known bad

The file 5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe was found to be: Known bad.

Malicious Activity Summary

easystealer

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects Easy Stealer

Easystealer family

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-27 05:24

Signatures

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Description Indicator Process Target
N/A N/A N/A N/A

Detects Easy Stealer

Description Indicator Process Target
N/A N/A N/A N/A

Easystealer family

easystealer

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-27 05:24

Reported

2024-01-27 05:26

Platform

win7-20231215-en

Max time kernel

120s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe

"C:\Users\Admin\AppData\Local\Temp\5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 36

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-27 05:24

Reported

2024-01-27 05:26

Platform

win10v2004-20231222-en

Max time kernel

91s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe

"C:\Users\Admin\AppData\Local\Temp\5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2288 -ip 2288

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 220

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A