Resubmissions

10/04/2024, 02:53

240410-ddcrcsff3z

10/04/2024, 02:53

240410-ddb5tscc79

10/04/2024, 02:53

240410-ddbt3aff3w

10/04/2024, 02:53

240410-ddbjasff3v

14/10/2023, 10:48

231014-mwhvrsce7y

General

  • Target

    q9cee706b7cbe32e33ace42b3.exe

  • Size

    285KB

  • Sample

    240410-ddbt3aff3w

  • MD5

    ecabf4d6692cd5ec991817f3b4a3170a

  • SHA1

    7aa0c00f7d624ea1fc99496f28ba7787fd38e680

  • SHA256

    756478606cced2d82be4625672faf105fdc9ab901757740a619b70b0bf102331

  • SHA512

    23e213b010f3073d14ec918d80b3e519a3d59133b1d3798f4567337e6c689d500bb2ea10fb394de03d2e57b8a377402132f77466dd33410136241d8d1ded92ca

  • SSDEEP

    3072:ix9JdT0pDj9yVfAK97GCkCYv+dRO7ZrLciXpDG/CdVWh6nt0lhLMgE/wV2p7vvSo:lSAY7GxZ8/ZQgEwV/ydcuCDY9bbzR38

Malware Config

Targets

    • Target

      q9cee706b7cbe32e33ace42b3.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks