Resubmissions

  • 03-04-2024 06:55    240403-hp427sah39    7

  • 03-04-2024 06:54    240403-hpe33sac4z    7

  • 03-04-2024 06:51    240403-hmzdyaag99    7

  • 03-04-2024 06:50    240403-hl3d7sac31    7

  • 29-12-2023 14:51    231229-r757nahdf3    7

General

  • Target

    b00bd190f37328c060a0446e6414de72.exe

  • Size

    119KB

  • Sample

    240403-hpe33sac4z

  • MD5

    b00bd190f37328c060a0446e6414de72

  • SHA1

    77c019f6d4beba4fd716dca07c83ca328c3a9946

  • SHA256

    cc9e5bfeb86b7fe80b33a4004eb0912820f09dec29a426a8a4136f7306c08d04

  • SHA512

    ed0872416306e848813df3408ee0d8a0c118dda262052baeb92f38a9a5fd695824debe790a35916a6b1008157cbc45ff77ea1795fb8a82d8448f0d91141abd8c

  • SSDEEP

    1536:FWJh7/8e1tw7/BLb8T1Bo0YDF9mAARU3dRL2O9bRo7rKRuAsL0z+hXunzbpImKW9:0ke18JLQT1SZLz9bRo3KTRKhKJKWkk

Malware Config

Targets

    • Target

      b00bd190f37328c060a0446e6414de72.exe

    • Size

      119KB

    • Deletes itself

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                        ID          Count
Execution             Scheduled Task/Job               T1053       1
Persistence           Scheduled Task/Job               T1053       1
Privilege Escalation  Scheduled Task/Job               T1053       1
Defense Evasion       Subvert Trust Controls           T1553       1
Defense Evasion         Install Root Certificate       T1553.004   1
Defense Evasion       Modify Registry                  T1112       1
Credential Access     Unsecured Credentials            T1552       2
Credential Access       Credentials In Files           T1552.001   1
Credential Access       Credentials in Registry        T1552.002   1
Discovery             Query Registry                   T1012       2
Discovery             System Information Discovery     T1082       1
Collection            Data from Local System           T1005       2
Collection            Email Collection                 T1114       1

Tasks