664cf9b9a6c02eb803043cae1e2097d9fd1fa5c7fed6def439a969d6d5ea260b | Triage

Sharing

General

Target

SecuriteInfo.com.Win64.CrypterX-gen.14448.17144
Size

673KB
Sample

240328-lc6l2sfa75
MD5

e31217888b467821745770b0f9565f66
SHA1

a6b7f7f96f02c2e78f6d35570948f29ee89665d9
SHA256

664cf9b9a6c02eb803043cae1e2097d9fd1fa5c7fed6def439a969d6d5ea260b
SHA512

89e9ed74673f5894e4fc39d64cb0f74c2c8ac0e0a35d2c8ff11d95497bdbf3f799c87c3f2e86c03ece91e42002e67bd6de85023ca7a9264e2ae2fdc397e49557
SSDEEP

12288:kFjT8uf3TofH0ZYV4WYgeWYg955/155/9cR/DafecSUu9+sAS81mRhNmFbIesLIn:kaA3TofHEYVjg2fpHCIjCPfOtMdi

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win64.CrypterX-gen.14448.17144
- Size
  
  673KB
- MD5
  
  e31217888b467821745770b0f9565f66
- SHA1
  
  a6b7f7f96f02c2e78f6d35570948f29ee89665d9
- SHA256
  
  664cf9b9a6c02eb803043cae1e2097d9fd1fa5c7fed6def439a969d6d5ea260b
- SHA512
  
  89e9ed74673f5894e4fc39d64cb0f74c2c8ac0e0a35d2c8ff11d95497bdbf3f799c87c3f2e86c03ece91e42002e67bd6de85023ca7a9264e2ae2fdc397e49557
- SSDEEP
  
  12288:kFjT8uf3TofH0ZYV4WYgeWYg955/155/9cR/DafecSUu9+sAS81mRhNmFbIesLIn:kaA3TofHEYVjg2fpHCIjCPfOtMdi
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2