General

  • Target

    94d8ffeddd3cef50a4d5b09eb5335098e60879996d0d57f72dad14b9289fcc46

  • Size

    688KB

  • Sample

    240311-ffs78scc76

  • MD5

    aed84b4b8397afda419da88630d1fb5d

  • SHA1

    162947f29130e7e3bca434bd21de6af0e13d544a

  • SHA256

    94d8ffeddd3cef50a4d5b09eb5335098e60879996d0d57f72dad14b9289fcc46

  • SHA512

    7847d404809267b6bd0a07085a8c0a637f061e0a53ad5e993727022f2bb0ba30e5e0b4e3138eb9b8626fa9140824a76085ba8c69c6b9837f17c971de8563ed77

  • SSDEEP

    12288:3N2ylOChVHZ4CiyBq9ph0u48c3ZZo8aSJ30Zl31qFWeKx6k9EN3hlRSx:3NhICn2vyBSoZ8c3E8nJ30r3KWeKY2EO

Targets

    • Target

      94d8ffeddd3cef50a4d5b09eb5335098e60879996d0d57f72dad14b9289fcc46

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
