General

  • Target

    Dark Spy.exe

  • Size

    736KB

  • Sample

    240223-h8jwdadc3x

  • MD5

    7a717474a15003f4062ee44e5b736cac

  • SHA1

    155734f8c9769b6bef76f917b386e9e08dd3aef7

  • SHA256

    e06cb1e6667e1bdee08ef27f1a31ac9c82141c63d87217c9ee596e2aebce1a45

  • SHA512

    a0ff825f3c4240720b95ae241140eede25cb09ee0044618ad34e777f40cdf8536b0ba584b81b74b7e046143ad151d59759f107144968d13f12cebbb16bc53c2d

  • SSDEEP

    12288:MLYOCZgHujarAXRhkNF2d9WLjzEDa6mZr6yeHPF:CCK/duyeHPF
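
An added check, not part of the original report, for confirming that a file you are holding is the same sample before you act on this page: it computes the four exact digests and compares them with the values listed above, and does a minimal MZ/PE header test that matches the "Downloads MZ/PE file" behaviour further down. The hash strings are copied from the report; the file path and the `verify_file` helper are assumptions. ssdeep is deliberately left out because it needs the optional `ssdeep` package and only gives a similarity score; the exact hashes settle identity.

```python
"""Verify a local file against the indicators listed for this sample.

Added example; hash constants come from the report, everything else is
illustrative. Requires only the standard library.
"""
import hashlib

# Exact digests from the report. Any single mismatch means a different
# file, so callers should require all four to agree.
IOC = {
    "md5": "7a717474a15003f4062ee44e5b736cac",
    "sha1": "155734f8c9769b6bef76f917b386e9e08dd3aef7",
    "sha256": "e06cb1e6667e1bdee08ef27f1a31ac9c82141c63d87217c9ee596e2aebce1a45",
    "sha512": (
        "a0ff825f3c4240720b95ae241140eede25cb09ee0044618ad34e777f40cdf853"
        "6b0ba584b81b74b7e046143ad151d59759f107144968d13f12cebbb16bc53c2d"
    ),
}


def digests(data: bytes) -> dict:
    """Hex digest of `data` under every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC}


def is_pe(data: bytes) -> bool:
    """Cheap sanity check for a Windows executable: a DOS 'MZ' stub and a
    'PE\\0\\0' signature at the offset stored in e_lfanew (bytes 0x3C..0x40)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def match_ioc(data: bytes) -> dict:
    """Per-algorithm comparison with the report; all True means same sample."""
    computed = digests(data)
    return {alg: computed[alg] == IOC[alg] for alg in IOC}


def verify_file(path: str) -> bool:
    """True only if the file at `path` matches every listed digest.
    (Assumed helper; `path` is whatever you have quarantined.)"""
    with open(path, "rb") as fh:
        data = fh.read()
    return is_pe(data) and all(match_ioc(data).values())


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "Dark Spy.exe"  # assumed
    print("match" if verify_file(target) else "no match")
```

The reported size of 736KB is rounded, so it is not used as a hard condition; the digests are. Run the script against the quarantined file, never against a copy you have already executed.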

Malware Config

Targets

    • Target

      Dark Spy.exe

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node and per-user HKCU counterparts) to enumerate installed software, which lets the malware fingerprint the host and spot security products.

    • Detected potential entity reuse from the Microsoft brand.

      The sample reuses Microsoft-branded names or artefacts to pass as legitimate software; verify the Authenticode signature rather than trusting the branding.
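
The behaviours listed above are what you would hunt for on a host. The following is an added example, not from the report or the sandbox vendor, that runs simple detection rules over constructed endpoint events (hand-written in the rough shape of Sysmon/EDR telemetry, not a capture of the real sample) and attributes hits to the sample's process tree so that unrelated activity is not blamed on it. Every rule name, path, regex and the `file_read` event type are assumptions about how these behaviours surface in telemetry; adapt them to your own schema.

```python
"""Behaviour-based triage for the sandbox signatures listed above.

Added example; events and rules are constructed and illustrative.
"""
import re

SAMPLE = r"C:\Users\victim\Downloads\Dark Spy.exe"  # assumed launch path

# Constructed telemetry. Default Sysmon does not log file reads; assume an
# EDR that records file handle opens as "file_read".
EVENTS = [
    {"type": "process_create", "image": SAMPLE,
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "registry_query", "image": SAMPLE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABC}"},
    {"type": "file_read", "image": SAMPLE,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "image": SAMPLE,
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "file_create", "image": SAMPLE,
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"},
    {"type": "process_create",
     "image": r"C:\Users\victim\AppData\Local\Temp\svc.exe", "parent": SAMPLE},
    # Unrelated benign activity that must not be attributed to the sample.
    {"type": "file_read", "image": r"C:\Program Files\Notepad++\notepad++.exe",
     "path": r"C:\Users\victim\Documents\notes.txt"},
]

# Assumed patterns for each listed behaviour.
BROWSER_DB = re.compile(r"\\User Data\\.*\\(Login Data|Cookies|Web Data|History)$", re.I)
WALLET = re.compile(r"(wallet\.dat|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore\\)", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
DROP_DIR = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.I)


def classify(ev, tracked):
    """Map one event to a behaviour name from the report, or None."""
    t = ev["type"]
    if t == "registry_query" and UNINSTALL_KEY.search(ev["key"]):
        return "checks_installed_software"
    if t == "file_read" and BROWSER_DB.search(ev["path"]):
        return "reads_browser_profile"
    if t == "file_read" and WALLET.search(ev["path"]):
        return "accesses_crypto_wallet"
    if t == "file_create" and STARTUP_DIR.search(ev["path"]):
        return "drops_startup_file"
    if (t == "process_create" and ev["parent"] in tracked
            and DROP_DIR.search(ev["image"])):
        return "executes_dropped_exe"
    return None


def triage(events, sample=SAMPLE):
    """Return {behaviour: [event indices]} for activity attributable to
    `sample` or to any process in its descendant tree."""
    tracked = {sample}
    hits = {}
    for i, ev in enumerate(events):
        if ev["type"] == "process_create" and ev["parent"] in tracked:
            tracked.add(ev["image"])  # follow the process tree
        if ev["image"] not in tracked:
            continue  # not the sample's doing
        tag = classify(ev, tracked)
        if tag:
            hits.setdefault(tag, []).append(i)
    return hits


def verdict(hits):
    """Crude scoring: credential access plus persistence is the infostealer
    pattern the report describes; anything else is merely suspicious."""
    theft = {"reads_browser_profile", "accesses_crypto_wallet"} & set(hits)
    if theft and "drops_startup_file" in hits:
        return "likely infostealer with persistence"
    return "suspicious" if hits else "no listed behaviours seen"


if __name__ == "__main__":
    found = triage(EVENTS)
    for name, idx in found.items():
        print(f"{name:28s} events {idx}")
    print(verdict(found))
```

The process-tree attribution in `triage` is the part worth keeping: a dropped EXE in %TEMP% or a Startup-folder write is only interesting when the writer is the sample or one of its children, and matching on paths alone produces noise from installers and updaters.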

MITRE ATT&CK Enterprise v15

Tasks