5249a6c3b628626cb9c02b767a249b2422ebf3525ef6fadf668d2f68009c5baa | Triage

Submit
Reports

Overview

overview

7

Static

static

1

b58eec6e5a...8f.exe

windows7-x64

7

b58eec6e5a...8f.exe

windows10-2004-x64

7

Sharing

General

Target

10a331a12ca40f3293dfadfcecb8d071.bin
Size

359KB
Sample

240205-bd6y4afae7
MD5

fe0d508f5acb801e0854893d060ef504
SHA1

bd4e34e671f98b10aecbd853c89d68bc524c64d6
SHA256

5249a6c3b628626cb9c02b767a249b2422ebf3525ef6fadf668d2f68009c5baa
SHA512

2769824f29516423a3661b74e4a76e527b0ccb53c95ef0512e3c080523d1d5f2d4879e588df07cf6ea829133b0b1ca52f853189b741b46f0207b6cc5f89f62d9
SSDEEP

6144:4MT1NaLG6NQMYGhzAnYmqILzs8JZJZobZjaB63osAas3LNuWDezsu6vRF4acuI:sGozYGh0nYmqILzBCbZjlYsAa6fD3vvM

Score

7^/10

discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f.exe

Resource

win10v2004-20231215-en

discovery spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f.exe
- Size
  
  421KB
- MD5
  
  10a331a12ca40f3293dfadfcecb8d071
- SHA1
  
  ada41586d1366cf76c9a652a219a0e0562cc41af
- SHA256
  
  b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f
- SHA512
  
  1a5b8e77ddbab97bb4c848adbcd7dbfb9ca84307d1844dba9572fcea48a2cbb091a3fc52663b87568416adf18a1338adc07aab0bd5f1ab36a03c8ff8a035d399
- SSDEEP
  
  12288:jh1Fk70TnvjcL8o0S86aZ+ldnqA1W0PeF7H:5k70TrcJX32ih1Re7H
Score

7^/10

discovery spyware stealer
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy