General

  • Target

    be8bc58cd6bc8795e37186f67cf9ff7b95fa4afe44f298b7e5cfde8dc4636fe1

  • Size

    931KB

  • Sample

    240308-2q4bvahd62

  • MD5

    af83a4691b4b08204f4bf419c7ab5f00

  • SHA1

    d8b386e77cb3a5c9f7ef82778b25c80c3725db3d

  • SHA256

    be8bc58cd6bc8795e37186f67cf9ff7b95fa4afe44f298b7e5cfde8dc4636fe1

  • SHA512

    51d994c2324ff081dbc6d2c2590aa17c06dc326fdf2e0994de7f1a80aed62efd1f43f1088fb441899d40408c57789251ce11116adc799623c68fefc81af82174

  • SSDEEP

    24576:861LNQSJ2iydHvb8fZVS8aVdbw0FosQsESrw+LV0CDye:5zXJH2HvbyVfmBQYrw+5ZOe

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks