General

  • Target

    ff91001ef2853c17052d86b1d0f9469086e7bf7ef28f4bb4a39042ab42d8c966

  • Size

    2.0MB

  • Sample

    240314-bcvvfaeg31

  • MD5

    352f1cf7fce68112687c09346bf100d5

  • SHA1

    6c113f3977f132bf7e932fb706db2ff2859de5e1

  • SHA256

    ff91001ef2853c17052d86b1d0f9469086e7bf7ef28f4bb4a39042ab42d8c966

  • SHA512

    de2b1cf91d6f5d6b58ff47bb2b2f518228c6999bee021fa60f8676e29d4e0a1b8d73aa865aea9759730acf003edeff0aaf9281945bc530636d3eb52356779e0f

  • SSDEEP

    49152:BO0umU+9cxGHBJ+hvueIDpMXkLMU0XqcWTeLEY:VumUGcx0WvqDB4U0Xqc8wEY

Malware Config

Targets

    • Target

      ff91001ef2853c17052d86b1d0f9469086e7bf7ef28f4bb4a39042ab42d8c966

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks