Overview
overview
10Static
static
102222-main/Build.exe
windows7-x64
102222-main/Build.exe
windows10-2004-x64
102222-main/...se.dll
windows7-x64
12222-main/...se.dll
windows10-2004-x64
2222-main/OTC.dll
windows7-x64
12222-main/OTC.dll
windows10-2004-x64
12222-main/OTC2.dll
windows7-x64
12222-main/OTC2.dll
windows10-2004-x64
12222-main/aurora.dll
windows7-x64
12222-main/aurora.dll
windows10-2004-x64
12222-main/...ty.dll
windows7-x64
32222-main/...ty.dll
windows10-2004-x64
32222-main/gan.exe
windows7-x64
62222-main/gan.exe
windows10-2004-x64
102222-main/mySThe.exe
windows7-x64
102222-main/mySThe.exe
windows10-2004-x64
102222-main/myporno.exe
windows7-x64
72222-main/myporno.exe
windows10-2004-x64
102222-main/pandora.dll
windows7-x64
32222-main/pandora.dll
windows10-2004-x64
32222-main/pass.exe
windows7-x64
102222-main/pass.exe
windows10-2004-x64
102222-main/petya.exe
windows7-x64
62222-main/petya.exe
windows10-2004-x64
62222-main/sheyhST.exe
windows7-x64
102222-main/sheyhST.exe
windows10-2004-x64
102222-main/...io.exe
windows7-x64
62222-main/...io.exe
windows10-2004-x64
72222-main/test.exe
windows7-x64
32222-main/test.exe
windows10-2004-x64
72222-main/token.exe
windows7-x64
62222-main/token.exe
windows10-2004-x64
6Analysis
-
max time kernel
146s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
11-03-2024 18:51
Behavioral task
behavioral1
Sample
2222-main/Build.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2222-main/Build.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
2222-main/NanoSense.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
2222-main/NanoSense.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
2222-main/OTC.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
2222-main/OTC.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
2222-main/OTC2.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
2222-main/OTC2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
2222-main/aurora.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
2222-main/aurora.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
2222-main/fatality.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
2222-main/fatality.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
2222-main/gan.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
2222-main/gan.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
2222-main/mySThe.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
2222-main/mySThe.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
2222-main/myporno.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
2222-main/myporno.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
2222-main/pandora.dll
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
2222-main/pandora.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
2222-main/pass.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
2222-main/pass.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
2222-main/petya.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
2222-main/petya.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
2222-main/sheyhST.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
2222-main/sheyhST.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
2222-main/stpastio.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
2222-main/stpastio.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
2222-main/test.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
2222-main/test.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
2222-main/token.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
2222-main/token.exe
Resource
win10v2004-20240226-en
General
-
Target
2222-main/stpastio.exe
-
Size
1.0MB
-
MD5
76240af1d6ebffbf210af7d95b59b97e
-
SHA1
8f029dfb9a98bd1c34335010c97780ac3f602d61
-
SHA256
18f6c675acef58163ad7322fbbaf75ac8d92c50e3f4e2dd02f26bbc4a93f4262
-
SHA512
71f2a9bb9a3ba9b0123fa302c6a96f9ff5b58be7804d1a84c170c4b69173428ddbc6807e91e034b23f83db9b51dfb8c6c7ae439fb822b7887927e5c84c007687
-
SSDEEP
24576:jfQYNBhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoR12Q:Po54clgLH+tkWJ0N5
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 27 discord.com 29 discord.com -
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 6 api.ipify.org 21 ip-api.com 5 api.ipify.org -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1228 stpastio.exe 1228 stpastio.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1228 stpastio.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\ZZPyLZ078BFBFF000306D28AAE05B334\34078BFBFF000306D28AAE05B3ZZPyLZ\Browsers\Passwords\Passwords_Edge.txt
Filesize426B
MD542fa959509b3ed7c94c0cf3728b03f6d
SHA1661292176640beb0b38dc9e7a462518eb592d27d
SHA256870ef3d2370932a8938faa60abd47d75ea0af98bfa11c82ae8efe9e94fd8be00
SHA5127def291737d081c93d0cc38ac8d3062fd34d93b68d191eb0d54e9857e0c0afdbcd241471a2e10c28ce8db3b1d1ae0dba2ef6f609cfe8a1e8fe1dd103dba80007
-
C:\Users\Admin\AppData\Local\Temp\ZZPyLZ078BFBFF000306D28AAE05B334\34078BFBFF000306D28AAE05B3ZZPyLZ\Grabber\AssertResize.jpg
Filesize195KB
MD5bc69a791c507c71438971c5e0cf19fc1
SHA1a855f608d6f9edeeb6b5f95a8b3c37dd38e12540
SHA2565e69c84bc884a6e5652637e8194092ace26fb8ee572360f8d62e60f6ba9638b6
SHA51282790b56be0bbbef76de7b3364df702ffb615f09374ddc28fad781ed048ad2e32ec2d1a059ad6cae99b61fccfde82aa13d72d6f374e43d7255629cf30a5b3972
-
C:\Users\Admin\AppData\Local\Temp\ZZPyLZ078BFBFF000306D28AAE05B334\34078BFBFF000306D28AAE05B3ZZPyLZ\Grabber\StartRequest.doc
Filesize2.7MB
MD5350f0c4f39cf4747fd8ab733e0119b2e
SHA1450d8c536684cc9ab3cc647117be633a4ba14c10
SHA256f647c76ff472fa08c0f8e97d8fc49b78872613aa0adb725735d2783f9ef4ad26
SHA51273dbf6cd9160716a050f2dcfcda2c2d38aeec5b0142105f5541c797689c5fde0a9528b2558e26391cacdc04fbdf29c62a98261f1f5ef401fc119ced0f9dc2b89