5aaf6106793bcd835392b2434f9cb2e52d37b6b4d96363bcb70b2c67f6a549ff | Triage

Submit
Reports

Overview

overview

7

Static

static

1

0bab6eebb7...e3.exe

windows7-x64

7

0bab6eebb7...e3.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

18d65d34eebb570d3fef21afc23f5806.bin
Size

63KB
Sample

240203-bg2hsafgcq
MD5

c0a717541e79caa81b2188467bd2cc53
SHA1

3345800c2c3f32880f37a948f89819c3022cb9d6
SHA256

5aaf6106793bcd835392b2434f9cb2e52d37b6b4d96363bcb70b2c67f6a549ff
SHA512

41025301a1eaa9c6fe86fb983c0d484e8cb4838e298b6b45d32c26f0887fa4da02c29e92a5fec8c8c107f3a428dac1054b6253d80d3dc050d4cef235717335c5
SSDEEP

1536:cIPydz83enEsIzXWOmcUQ8frHyAj9aSMhvydYbyCc+6fi4:XP++eujqTfBRaSayduyDDfi4

Score

7^/10

collection discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0bab6eebb738e1bb71c97393a3a1acd3e2a82ec950af53e030a976c428c8fde3.exe

Resource

win7-20231129-en

collection discovery spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

0bab6eebb738e1bb71c97393a3a1acd3e2a82ec950af53e030a976c428c8fde3.exe

Resource

win10v2004-20231215-en

collection discovery spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  0bab6eebb738e1bb71c97393a3a1acd3e2a82ec950af53e030a976c428c8fde3.exe
- Size
  
  149KB
- MD5
  
  18d65d34eebb570d3fef21afc23f5806
- SHA1
  
  7442b95da3fe5cae89aac61c7c609105294037c7
- SHA256
  
  0bab6eebb738e1bb71c97393a3a1acd3e2a82ec950af53e030a976c428c8fde3
- SHA512
  
  af53c5163ce6817c4e5777c7668bd314e771ebd5ace5139743bc7f06b3f68d7fe4128ba968941624037eceb3904f2d1b6c656c49c3fe3839b719801b19428850
- SSDEEP
  
  3072:1kNnh2p95a59b8sbHzcwTqXkrJLoTV8YifkKLkSEGfr:1kfE5a59b8kHRrWy
Score

7^/10

collection discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryspywarestealer

behavioral2

collectiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy