Overview

overview

10

Static

static

3

Flame.exe

windows7-x64

10

Flame.exe

windows10-2004-x64

10

cstealer.pyc

windows7-x64

3

cstealer.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Flame.exe

  • Size

    16.9MB

  • Sample

    240315-wmcrtshb94

  • MD5

    93aa6e8b549da8466c54dd90a1a8e76e

  • SHA1

    d64733c3b058db001b0368eb66044c303dcecad6

  • SHA256

    c328ee0d8c7308d2612122290e81b13f7d1d52e22d5f221a49328a03f56c6449

  • SHA512

    1539549a6507f7eeae6d7aedf9c1fe9aabbc3690e836bcd81dcff5f68c9dc3b8df9f05cf4984abc90f73a8c090a5e575172096df7fec930ee6c5e1a9ccc6fe90

  • SSDEEP

    393216:vZEkZgf8XgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1SypX8Wjs+d9:RRbXbX71QtIZS3ILn6ecayCes+d9

Score
10/10
evasionpersistencepyinstallerspywarestealer

Malware Config

Targets

    • Target

      Flame.exe

    • Size

      16.9MB

    • MD5

      93aa6e8b549da8466c54dd90a1a8e76e

    • SHA1

      d64733c3b058db001b0368eb66044c303dcecad6

    • SHA256

      c328ee0d8c7308d2612122290e81b13f7d1d52e22d5f221a49328a03f56c6449

    • SHA512

      1539549a6507f7eeae6d7aedf9c1fe9aabbc3690e836bcd81dcff5f68c9dc3b8df9f05cf4984abc90f73a8c090a5e575172096df7fec930ee6c5e1a9ccc6fe90

    • SSDEEP

      393216:vZEkZgf8XgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1SypX8Wjs+d9:RRbXbX71QtIZS3ILn6ecayCes+d9

    Score
    10/10
    evasionpersistencepyinstallerspywarestealer

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      cstealer.pyc

    • Size

      67KB

    • MD5

      b50ae745b0ee4b6faf241c63026d466b

    • SHA1

      9f1bbcaaf529d3c77e05e45ed925466f12f5eafa

    • SHA256

      673af425d467ab4b0fe785ce126de885dc85aa095a7239023ad9a9d32a560beb

    • SHA512

      0f7f39683d3189474dd728cdc6b959e069f634ea3667e0b9f2e436577b2d410d0b2604526fc055e05802d177791da03485cf04efdaf832221882356ec4292169

    • SSDEEP

      1536:l0xqOgTxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqc/+bo88PiXX0r+LRP

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks