e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6
Size

6.7MB
Sample

240406-rese4acf39
MD5

8c0b6185b6283b9a04648bbc44b8c7f9
SHA1

ffba6fff474fd3e58a2ed282b2c77738d245a42c
SHA256

e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6
SHA512

0ec2132151f993066a28fcb95c958e1fe5255c78ee318e4d8cb413ef2e648d3b301d746cad5af82d72b5c70ebded8ad98fac9e46be2c681ba9534b712dca4a23
SSDEEP

98304:91Od6S+s82WJ/pIY4+aJoHHFBozt4FnmRVQNWvV+AV6XUEtRZ0/kVQDVEKAB:91OsS+/2O/p4JoHlBoyF0Cg+AqDXZPCA

Score

8^/10

discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6.exe

Resource

win10v2004-20240226-en

discovery spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6.exe

Resource

win11-20240319-en

discovery spyware stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6
- Size
  
  6.7MB
- MD5
  
  8c0b6185b6283b9a04648bbc44b8c7f9
- SHA1
  
  ffba6fff474fd3e58a2ed282b2c77738d245a42c
- SHA256
  
  e5d98e899c3d47b25bf33f172ec2d290791b1dab8a349482beed393c22d970d6
- SHA512
  
  0ec2132151f993066a28fcb95c958e1fe5255c78ee318e4d8cb413ef2e648d3b301d746cad5af82d72b5c70ebded8ad98fac9e46be2c681ba9534b712dca4a23
- SSDEEP
  
  98304:91Od6S+s82WJ/pIY4+aJoHHFBozt4FnmRVQNWvV+AV6XUEtRZ0/kVQDVEKAB:91OsS+/2O/p4JoHlBoyF0Cg+AqDXZPCA
Score

8^/10

discovery spyware stealer
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2025

Terms | Privacy