Overview

overview

7

Static

static

1

Installer 2.0.exe

windows7-x64

3

Installer 2.0.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    Installer 2.0.exe

  • Size

    730KB

  • Sample

    240214-py6qqaaf71

  • MD5

    1a36e01cb306082cafe4ab35a7527cd5

  • SHA1

    85a130e5345cf06999d37917ef22ef579663661e

  • SHA256

    eec5a673d40af5d0dde8a23a1591a5051cf507a9daeb4c4a66be453f18e5cc0b

  • SHA512

    71bf3de287105191bb4582851fc475fafb0ff6d4698dcf3d4979ab9f70e176564ff5179b7f78195de62917c26e5925baffbe689e44553e544a43fd77a72fefdf

  • SSDEEP

    12288:ah1Fk70Tnvjcu1Ny+9U9lzsL59dpl0vCFbGYUQX4s9vtuhjUSxxvpZBxZ2BRXy:0k70Trcu1Bm9lzsVTYvCBGnQIs9CjUSR

Score
7/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      Installer 2.0.exe

    • Size

      730KB

    • MD5

      1a36e01cb306082cafe4ab35a7527cd5

    • SHA1

      85a130e5345cf06999d37917ef22ef579663661e

    • SHA256

      eec5a673d40af5d0dde8a23a1591a5051cf507a9daeb4c4a66be453f18e5cc0b

    • SHA512

      71bf3de287105191bb4582851fc475fafb0ff6d4698dcf3d4979ab9f70e176564ff5179b7f78195de62917c26e5925baffbe689e44553e544a43fd77a72fefdf

    • SSDEEP

      12288:ah1Fk70Tnvjcu1Ny+9U9lzsL59dpl0vCFbGYUQX4s9vtuhjUSxxvpZBxZ2BRXy:0k70Trcu1Bm9lzsVTYvCBGnQIs9CjUSR

    Score
    7/10
    discoveryspywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks