General

  • Target

    votware.zip

  • Size

    14.2MB

  • Sample

    240223-nxsxssfh72

  • MD5

    5666607b91fa14f6fbdd5067d405240d

  • SHA1

    0fe5e7a9e22138b154f0e4f5a185d4590b56cf18

  • SHA256

    e7f583bb9f3a6bb45a0f1b59cf2c3f2060553e939adeeebfb996c7912163c8ff

  • SHA512

    25c763da415e07f9e96268ca30ef48e3552904f5c7cf06ade457da2dcd91fae70bb4ecfa4a35ae0daaa16aae38f5fd88651b1d658ad16a7e217e23ed60266349

  • SSDEEP

    393216:BSakY4ygiBleOodeqgFmGAURbWkTK/agJY7:UHY43iBlT0edF5Rb12tJa

Malware Config

Targets

    • Target

      votware/votware setup.exe

    • Size

      14.4MB

    • MD5

      a2eec729d72fe550ad6f08ed74d10b5c

    • SHA1

      8aeff77c539fc006cd968052678de9d73cdfc99c

    • SHA256

      27966ee7482797adad4840838bded44ecb78bc9bcdbd4a16a753d777cfc0bd25

    • SHA512

      2014574b4a724d1604e461e50f14489a825ef7c3a1404397cd5d4f9aa16c2d0bf6cc9f3069d89bb2c5fea3e6a5ebe0ac04c8eaab7b5efe38400290d6add2cea1

    • SSDEEP

      393216:yEkZQJidQuslSq99oWOv+9fgpFO8Mqvst:yhQwdQuSDorvSYpFBlv

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks