1c6191ddeb164efff30358f7de88022577b6bfe0dfbe0a29ab0f3a2b25637bd2 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

systemutilities.msi

windows7-x64

6

systemutilities.msi

windows10-2004-x64

7

Sharing

General

Target

systemutilities.msi
Size

9.9MB
Sample

240408-3enbxseh75
MD5

41eda719c231e212e02b2683d36edfa4
SHA1

7257a3350b7b856c16b146ff063f002b42903543
SHA256

1c6191ddeb164efff30358f7de88022577b6bfe0dfbe0a29ab0f3a2b25637bd2
SHA512

1d7382b75d1b12a690d2caeead05c74c3fe83f7888be1bee1bbcfec31d0675967473393b39af87d97ad10c91d2ad6420ad0be8ac58b45d88779ec8e9c4403e77
SSDEEP

196608:mkBx8XfML5Nf7QJ91JUREHYtDBkXfML5D9qdSK:mw8XfMvy91JUgyDOXfM1I

Score

7^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

systemutilities.msi

Resource

win7-20240221-en

discovery persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

systemutilities.msi

Resource

win10v2004-20240226-en

discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  systemutilities.msi
- Size
  
  9.9MB
- MD5
  
  41eda719c231e212e02b2683d36edfa4
- SHA1
  
  7257a3350b7b856c16b146ff063f002b42903543
- SHA256
  
  1c6191ddeb164efff30358f7de88022577b6bfe0dfbe0a29ab0f3a2b25637bd2
- SHA512
  
  1d7382b75d1b12a690d2caeead05c74c3fe83f7888be1bee1bbcfec31d0675967473393b39af87d97ad10c91d2ad6420ad0be8ac58b45d88779ec8e9c4403e77
- SSDEEP
  
  196608:mkBx8XfML5Nf7QJ91JUREHYtDBkXfML5D9qdSK:mw8XfMvy91JUgyDOXfM1I
Score

7^/10

discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy