General

  • Target

    VirusShare_a746b5ac6683432265320f73729e9b20

  • Size

    317KB

  • Sample

    240204-qlft7schcl

  • MD5

    a746b5ac6683432265320f73729e9b20

  • SHA1

    f3932ae36e79cf43123c539560a9618c40b5e007

  • SHA256

    d2de638a4d6ec7ffb2cc71942a91329f5704a1d33f12c74efbce1173af0645b1

  • SHA512

    2c9f16b3d71fb404d5d7e86a05f2e3ce4a4e7d1fce6192e32ba72a829eccc9c23af875c8279dbd76e1cf712360cdcfacef5a495d593ecf3dac25127b890e0e5d

  • SSDEEP

    6144:SVGkeFcRYEx6GefItOk2IpVGQ5LQkFjZwRimB+2KnO4:SVGkeGnvewtX2IpVGQ5MeoiIUO4

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
