General

  • Target

    images.jpg

  • Size

    1KB

  • Sample

    240405-nfs68sad6v

  • MD5

    7d64b5a53c2778f2585caf13175f7b31

  • SHA1

    14950e30268c7b5db1e44075dd5e40a782b64dd3

  • SHA256

    cfb1d1ae4e7c1ac08e797cd44f882c7c5ae6eba740011096943a64dc31c0cd42

  • SHA512

    c91efae4ee66a0fb0c6e0f1a20ea0dffa2a23e8432365a82beb82d8d87d3b2b738bf2e582be97a2567071793e0087eae7e7ae64de0b21bc1a8fd810aa575468d

Malware Config

Targets

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15