Overview

overview

8

Static

static

1

e217c48c43...a8.msi

windows7-x64

6

e217c48c43...a8.msi

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8

  • Size

    5.9MB

  • Sample

    240410-rw3x6aed4z

  • MD5

    c5c0829df294cc4fd701df5d5c55718f

  • SHA1

    fd581050fe011ff6e71463c9dcc68de14571ef04

  • SHA256

    e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8

  • SHA512

    0d40fd22298a5f5537402392ccc707a3fa5421e3501a4867efc8d39c9d343f22f9c0476e427a53b28e02d43e8533c587e590a8716c75a6a5b21c0e65d4505d1b

  • SSDEEP

    98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEqT:w9mzytc/CKDllTllCeue6STzKT

Score
8/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8

    • Size

      5.9MB

    • MD5

      c5c0829df294cc4fd701df5d5c55718f

    • SHA1

      fd581050fe011ff6e71463c9dcc68de14571ef04

    • SHA256

      e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8

    • SHA512

      0d40fd22298a5f5537402392ccc707a3fa5421e3501a4867efc8d39c9d343f22f9c0476e427a53b28e02d43e8533c587e590a8716c75a6a5b21c0e65d4505d1b

    • SSDEEP

      98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEqT:w9mzytc/CKDllTllCeue6STzKT

    Score
    8/10
    discoverypersistencespywarestealer

    • Sets service image path in registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks