Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08-03-2024 13:08
Static task: static1
Behavioral task: behavioral1
  Sample: bb57d8a7caa789eda8c9370989f58f89.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bb57d8a7caa789eda8c9370989f58f89.exe
  Resource: win10v2004-20240226-en
General
Target: bb57d8a7caa789eda8c9370989f58f89.exe
Size: 802KB
MD5: bb57d8a7caa789eda8c9370989f58f89
SHA1: 02833704602cc1e778f82b155f6fc02e0c4c0d7c
SHA256: 5e91204940b880947eaa95dc1cee28ff8015d625b96b76020b45f90a39e49e97
SHA512: 88bdad152d21bdfcca471e85a9dc60cc26bd2f7251240b3413e0ad394f2320932854ed52ff704d3de8a6d28a3a7756335f85d779bb7ba677c47754a574c4b56e
SSDEEP: 12288:7xJHC5WbHsnWIVpP6J3fMYxF8X/DsfLJiyd466cOqIlUhOtz5L8z4p7qWVPV6oPP:VFsnWod6J3fMXAiI4Pcx8dsWLFV6
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

YARA matches (resource / yara_rule):
  behavioral1/memory/1500-3-0x0000000000400000-0x0000000000633000-memory.dmp / upx
  behavioral1/memory/1500-1-0x0000000000400000-0x0000000000633000-memory.dmp / upx
  behavioral1/memory/1500-5-0x0000000000400000-0x0000000000633000-memory.dmp / upx
  behavioral1/memory/1500-6-0x0000000000400000-0x0000000000633000-memory.dmp / upx
  behavioral1/memory/1500-7-0x0000000000400000-0x0000000000633000-memory.dmp / upx
  behavioral1/memory/1500-8-0x0000000000400000-0x0000000000633000-memory.dmp / upx
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bb57d8a7caa789eda8c9370989f58f89.exe"
  Process: bb57d8a7caa789eda8c9370989f58f89.exe
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.