General

  • Target

    08f254697cab086135d454e80c0ca0c24e3982ac7d080f4fe3e9e1ba0a1e28a5

  • Size

    40KB

  • Sample

    240419-wzbejabh25

  • MD5

    2409eb49c7455d84323627b86fa2b450

  • SHA1

    607cd08deb02c7c9bf310477dcd77796a36f7afd

  • SHA256

    08f254697cab086135d454e80c0ca0c24e3982ac7d080f4fe3e9e1ba0a1e28a5

  • SHA512

    408b864a138c7bdbe280cf78864891ff822eeae63b73d8a453bf85d868347fc457397d06be3a8506964f52b74e67e1b3aa106ba6400cb0595208c7c93b5e07ab

  • SSDEEP

    768:MNYHP80gwEcGYO4vE+L73PEeCJcccHuoYKXiY6IAtXyJW6Bzo8JIFMdyn++:BvRgPXl4c+LjPBCJcc7oZX96IAt/8JI5

Malware Config

Targets

    • Target

      fb4e2be09a30d71df83241949a9a827a62b903ce1f78e099882d0f6794fcf2e4

    • Size

      75KB

    • MD5

      7b68b999bb72801c25daf56a7f3d2aff

    • SHA1

      4b06e38e03863361d993fb6a952a1a76a59262ac

    • SHA256

      fb4e2be09a30d71df83241949a9a827a62b903ce1f78e099882d0f6794fcf2e4

    • SHA512

      5d2f76f7cea6a2c744c38cf70d9423b33b8977c42d06434ff6eff973fbe54465338c33099ab7ab0b57bb103a2230238c7ec7a52cf3483e9ec6cc37b0c4120d35

    • SSDEEP

      768:D0FmBkpKjPYpcPYPR+P+3CYOyyEStf0wmWQgoUqwo8IwGKd3ybg7lyL10XI3Ou4D:DOhCOR+tYdHSsWQdJ9EEJ3CmfiViK7t

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other session data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               | Technique                          | Count | ID
  ---------------------|------------------------------------|-------|----------
  Persistence          | Boot or Logon Autostart Execution  | 1     | T1547
  Persistence          | Registry Run Keys / Startup Folder | 1     | T1547.001
  Privilege Escalation | Boot or Logon Autostart Execution  | 1     | T1547
  Privilege Escalation | Registry Run Keys / Startup Folder | 1     | T1547.001
  Defense Evasion      | Modify Registry                    | 1     | T1112
  Credential Access    | Unsecured Credentials              | 1     | T1552
  Credential Access    | Credentials In Files               | 1     | T1552.001
  Collection           | Data from Local System             | 1     | T1005

Tasks