General

  • Target

    5b0fcd10d3c38aa405c7e38d7929b620acf49111a6373d3696e1bbe1ec131c59

  • Size

    2.0MB

  • Sample

    240419-1vba7ahd5y

  • MD5

    245c90151fcc240a5fbf30f2a1a4582d

  • SHA1

    a85f49e20780bddff40bd6c8caf69c30b3885d95

  • SHA256

    5b0fcd10d3c38aa405c7e38d7929b620acf49111a6373d3696e1bbe1ec131c59

  • SHA512

    1610632308f5f97bf19e5b4d8af6ebbecb27558477a072ec2b2d94f74c19e7bf74855ea65ee8a81da32806372be28dd5d66b565c40cd2021a89c9f1c84212696

  • SSDEEP

    49152:5Mtc21ovJLvGVrdIVPnFpd5+gdFGd40Bp/+Lz6TsxW:Mxov5CIpnFpd5+gdf0BmVxW

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks