Overview

overview

10

Static

static

3

Flame.exe

windows7-x64

10

Flame.exe

windows10-2004-x64

10

cstealer.pyc

windows7-x64

3

cstealer.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cstealer.pyc

  • Size

    67KB

  • MD5

    b50ae745b0ee4b6faf241c63026d466b

  • SHA1

    9f1bbcaaf529d3c77e05e45ed925466f12f5eafa

  • SHA256

    673af425d467ab4b0fe785ce126de885dc85aa095a7239023ad9a9d32a560beb

  • SHA512

    0f7f39683d3189474dd728cdc6b959e069f634ea3667e0b9f2e436577b2d410d0b2604526fc055e05802d177791da03485cf04efdaf832221882356ec4292169

  • SSDEEP

    1536:l0xqOgTxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqc/+bo88PiXX0r+LRP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cstealer.pyc
    1⤵
    • Modifies registry class
    PID:4784
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads