1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596 | Triage

Submit
Reports

Overview

overview

Static

static

1f4e927f6e...a4.exe

windows7-x64

8

1f4e927f6e...a4.exe

windows10-1703-x64

8

1f4e927f6e...a4.exe

windows10-2004-x64

8

1f4e927f6e...a4.exe

windows11-21h2-x64

8

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Sharing

General

Target

New folder.rar
Size

15.3MB
Sample

240326-ryecksfd5y
MD5

6677e9a1e490857b5bdfb0744cd260fe
SHA1

20a0692c3001f36c56f811d614dfbe6b2a0b5612
SHA256

1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596
SHA512

52c80873ff9d70a2ef1669ccfb1f2e1cfeb2a521102d0b38164c88f680924b84560245c3104b6c7e742bd952617db405720f6b08f541d6c4cdf1c33a25478ab6
SSDEEP

393216:NUYQW+GfB8a8lENPHeGcC6yz9Jp0tu/5TKP0Arl:y9GfBntHeO9Jpn/Fe0AR

Score

10^/10

persistence pyinstaller spyware stealer upx

Static task

static1

upx pyinstaller

5 signatures

Behavioral task

behavioral1

Sample

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Resource

win7-20240220-en

persistence spyware stealer

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral2

Sample

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Resource

win10-20240221-en

persistence spyware stealer

windows10-1703-x64

20 signatures

1800 seconds

Behavioral task

behavioral3

Sample

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Resource

win10v2004-20240226-en

persistence spyware stealer

windows10-2004-x64

12 signatures

1800 seconds

Behavioral task

behavioral4

Sample

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Resource

win11-20240221-en

persistence spyware stealer

windows11-21h2-x64

22 signatures

1800 seconds

Malware Config

Targets

- Target
  
  1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
- Size
  
  2.2MB
- MD5
  
  f5f2f6c370db4b38bdf8032ea3ef2a64
- SHA1
  
  b5e188540539bc2b1d128f408160fa91e724c84b
- SHA256
  
  1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4
- SHA512
  
  f2216faac5d07fb2d6f3faf6cf1e18e94c0ada8aba35a8d2d8491efd1ada526d5358a592b6877a9783cc9b5e81dd54fec8b9969ffd650c0f8aff2e3243dbe18c
- SSDEEP
  
  49152:UtAZanCoV4BdnctNbS/iXmYjlV8O7pzTs8OYFFxZbVybdXERd:9x6Mdn0p7pzTsQR
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Modifies Installed Components in the registry
  persistence
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

behavioral3

persistencespywarestealer

behavioral4

persistencespywarestealer

© 2018-2024

Terms | Privacy