Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
31-01-2024 06:26
Behavioral task
behavioral1
Sample
2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906.exe
Resource
win7-20231215-en
General
-
Target
2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906.exe
-
Size
2.2MB
-
MD5
6a41f06db94eeccba82831c77c484d0e
-
SHA1
57c057daf52c3f41fac75fe679f7f67c913254d2
-
SHA256
2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906
-
SHA512
2013edc997ac2c507ab88f1549328fa5d35d4698975d0b957e861a56e772e13b3460024dd464fdc8aa8f71c9d2095409bdfc7dc4637fb21b363510f55a7cbae0
-
SSDEEP
24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABto:PBozBdhEV7q8bOQnIFWY+3Je0wA
Malware Config
Signatures
-
Reads user/profile data of web browsers (2 TTPs)
Infostealers commonly harvest data stored by browsers, which can include saved credentials.
-
Checks installed software on the system (1 TTPs)
Enumerates installed software by reading the Uninstall key entries in the registry.
-
Looks up external IP address via web service (1 IoCs)
Queries a legitimate public IP lookup service to learn the infected system's external IP address.
Processes:
flow  ioc
10    ipinfo.io
-
Enumerates physical storage devices (1 TTPs)
Attempts to open or interact with connected storage and optical drive(s).
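The four behaviors above can be turned into a small behavioral triage check. The Python below is an added example written for this page, not the sandbox vendor's own detection logic. It applies the four signatures to a constructed set of events in a hypothetical (pid, event_type, target) shape loosely modelled on Sysmon fields; the process IDs, paths, and the IP echo hosts other than ipinfo.io are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed events in a hypothetical (pid, event_type, target) shape,
# loosely modelled on Sysmon fields. None of these come from the report.
SAMPLE_EVENTS = [
    (4120, "RegistryRead", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "RegistryRead", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (4120, "FileRead", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "FileRead", r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k3x.default\logins.json"),
    (4120, "DnsQuery", "ipinfo.io"),
    (4120, "CreateFile", r"\\.\PhysicalDrive0"),
    (4120, "CreateFile", r"\\.\CdRom0"),
    (5000, "DnsQuery", "www.microsoft.com"),          # benign noise from another process
    (5000, "FileRead", r"C:\Windows\System32\kernel32.dll"),
]

# Signature name -> (event types it applies to, pattern the target must match).
SIGNATURES = {
    "Reads user/profile data of web browsers": (
        {"FileRead", "CreateFile"},
        # Chromium and Firefox credential/cookie stores under the profile directory.
        re.compile(r"\\(Google\\Chrome\\User Data|Mozilla\\Firefox\\Profiles)\\.*"
                   r"(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    ),
    "Checks installed software on the system": (
        {"RegistryRead"},
        # Covers both the native and the WOW6432Node Uninstall hives.
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "Looks up external IP address via web service": (
        {"DnsQuery"},
        # ipinfo.io is the host seen in the report; the other hosts are assumed
        # additions (common public IP echo services), not taken from the page.
        re.compile(r"^(ipinfo\.io|api\.ipify\.org|icanhazip\.com|ip-api\.com)$", re.I),
    ),
    "Enumerates physical storage devices": (
        {"CreateFile"},
        # Raw device namespace opens: \\.\PhysicalDriveN and \\.\CdRomN.
        re.compile(r"^\\\\\.\\(PhysicalDrive|CdRom)\d+$", re.I),
    ),
}


def triage(events):
    """Return {signature: {pid: [matching targets]}} for every event that hits a signature."""
    hits = defaultdict(lambda: defaultdict(list))
    for pid, etype, target in events:
        for name, (etypes, pattern) in SIGNATURES.items():
            if etype in etypes and pattern.search(target):
                hits[name][pid].append(target)
    return {name: dict(by_pid) for name, by_pid in hits.items()}


def suspicious_pids(events, min_signatures=2):
    """PIDs that trigger at least `min_signatures` distinct signatures, sorted."""
    per_pid = defaultdict(set)
    for name, by_pid in triage(events).items():
        for pid in by_pid:
            per_pid[pid].add(name)
    return sorted(pid for pid, names in per_pid.items() if len(names) >= min_signatures)


if __name__ == "__main__":
    for name, by_pid in triage(SAMPLE_EVENTS).items():
        print(name)
        for pid, targets in by_pid.items():
            for t in targets:
                print(f"  pid {pid}: {t}")
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

A single signature such as the Uninstall-key read is common in legitimate installers and inventory agents, which is why the verdict helper requires several distinct behaviors from one process before flagging it; the combination of credential-store reads, an external IP lookup and raw drive opens is what makes the sample's process stand out.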
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_GB_{e54abc2c-9b7f-11ee-9a3d-806e6f6e6963}_f8XLuaFWFi.zip
Filesize 180KB
MD5 902b34b0a6c459e0917ed9cdc5b21e0e
SHA1 858ca0077ec4bc4b395f558f42ebecbfe5652ceb
SHA256 59efb5e7b70afd4707f962424d31007c462b442be876c6a5bc25894a73ce5769
SHA512 83a3e91d590ee657bb7e0c0c4cf0d9362bb5b846ffdc1727fd3b7fddb54c5a3aaf946f24d2bcdc124add8df4882ca6015cdd5e5e0927c8751698af0e3ed7a149