Overview

overview

10

Static

static

3

b83c41763b...23.exe

windows7-x64

10

b83c41763b...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b83c41763b5e861e15614d3d6ab8573c7948bf176143ee4142516e9b8bcb4423.exe

  • Size

    738KB

  • MD5

    059c5bbec45da7e50d92a54160622d36

  • SHA1

    a97230965dea34f32ac9db418aece125ceb63426

  • SHA256

    b83c41763b5e861e15614d3d6ab8573c7948bf176143ee4142516e9b8bcb4423

  • SHA512

    815f69af1f09a2de5d1ee323ef77d203985d516413ab482d635e48d012717b2d7bcac84127d0425a4a879a8e25079dff369482940d5a6bf1be0066fe5e08246b

  • SSDEEP

    12288:4ywZ/z12SBEnKMY+7/Cw6nTcRu5sj1LjOJngWoBPrndO1fcWsfdNcG8zUx:4Z/zHsR76w6nTcRu5s1jXBznY101f+zm

Score
10/10
outsteelspywarestealer

Malware Config

Signatures

  • OutSteel

    OutSteel is a file uploader and document stealer written in AutoIT.

    stealeroutsteel
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable 10 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of WriteProcessMemory 51 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b83c41763b5e861e15614d3d6ab8573c7948bf176143ee4142516e9b8bcb4423.exe
    "C:\Users\Admin\AppData\Local\Temp\b83c41763b5e861e15614d3d6ab8573c7948bf176143ee4142516e9b8bcb4423.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.doc" /S /B /A
      2⤵
        PID:2124
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pdf" /S /B /A
        2⤵
          PID:2176
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppt" /S /B /A
          2⤵
            PID:2516
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A
            2⤵
              PID:4292
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.xl" /S /B /A
              2⤵
                PID:4996
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.csv" /S /B /A
                2⤵
                  PID:1676
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rtf" /S /B /A
                  2⤵
                    PID:4772
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A
                    2⤵
                      PID:4160
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.mdb" /S /B /A
                      2⤵
                        PID:2408
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.accdb" /S /B /A
                        2⤵
                          PID:4580
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pot" /S /B /A
                          2⤵
                            PID:3112
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pps" /S /B /A
                            2⤵
                              PID:4332
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppa" /S /B /A
                              2⤵
                                PID:4452
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rar" /S /B /A
                                2⤵
                                  PID:4604
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.zip" /S /B /A
                                  2⤵
                                    PID:3012
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.tar" /S /B /A
                                    2⤵
                                      PID:2820
                                    • C:\Windows\SysWOW64\cmd.exe
                                      C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.7z" /S /B /A
                                      2⤵
                                        PID:4476

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • memory/4012-1-0x00000000005B0000-0x00000000006B0000-memory.dmp

                                      Filesize

                                      1024KB

                                      Download

                                    • memory/4012-2-0x0000000002120000-0x00000000021FD000-memory.dmp

                                      Filesize

                                      884KB

                                      Download

                                    • memory/4012-3-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-4-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-6-0x00000000005B0000-0x00000000006B0000-memory.dmp

                                      Filesize

                                      1024KB

                                      Download

                                    • memory/4012-7-0x0000000002120000-0x00000000021FD000-memory.dmp

                                      Filesize

                                      884KB

                                      Download

                                    • memory/4012-8-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-10-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-12-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-14-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-17-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download

                                    • memory/4012-19-0x0000000000400000-0x00000000004E2000-memory.dmp

                                      Filesize

                                      904KB

                                      Download