General

  • Target

    Step 2.exe

  • Size

    768KB

  • Sample

    240225-aqawraha72

  • MD5

    1190ee286c388cb30bd69c4c5794e8ae

  • SHA1

    46989c651074a4a54aae4b099a50ea89574de97e

  • SHA256

    6447b651b215d5013d194f5ca027acb86f230227622299f6e190ca1292143bd8

  • SHA512

    76d90592f33d801a727d0468b99cf9ef052bb92df24183d2abbbf7e992d741672c18907fe9a2dccd1bde0dab232790313a025922a1b5e3857477ef6cec784599

  • SSDEEP

    12288:Zghny9HB+dzpEeHZnPNJIm2nuW/CXksrtKx1Z:Iny9HB+dNEiR2uWsroxD

Targets

    • Target

      Step 2.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
