2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906.exe
Size

2.2MB
MD5

6a41f06db94eeccba82831c77c484d0e
SHA1

57c057daf52c3f41fac75fe679f7f67c913254d2
SHA256

2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906
SHA512

2013edc997ac2c507ab88f1549328fa5d35d4698975d0b957e861a56e772e13b3460024dd464fdc8aa8f71c9d2095409bdfc7dc4637fb21b363510f55a7cbae0
SSDEEP

24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABto:PBozBdhEV7q8bOQnIFWY+3Je0wA

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

10 ipinfo.io
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
10	ipinfo.io

C:\Users\Admin\AppData\Local\Temp\2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906.exe
"C:\Users\Admin\AppData\Local\Temp\2a5dc3ca52e9fd0c664e6803d99fd2796ada921aa4901b257986c8c5530e0906.exe"
1⤵
PID:4940

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_GB_{e54abc2c-9b7f-11ee-9a3d-806e6f6e6963}_f8XLuaFWFi.zip
Filesize
180KB

MD5
902b34b0a6c459e0917ed9cdc5b21e0e

SHA1
858ca0077ec4bc4b395f558f42ebecbfe5652ceb

SHA256
59efb5e7b70afd4707f962424d31007c462b442be876c6a5bc25894a73ce5769

SHA512
83a3e91d590ee657bb7e0c0c4cf0d9362bb5b846ffdc1727fd3b7fddb54c5a3aaf946f24d2bcdc124add8df4882ca6015cdd5e5e0927c8751698af0e3ed7a149

Download Submit