Overview

overview

10

Static

static

10

Exm_Premiu...V2.exe

windows7-x64

7

Exm_Premiu...V2.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Exm_Premium_Tweaking_Utility_V2.exe

  • Size

    16.0MB

  • Sample

    240422-t1gltsde91

  • MD5

    81da6189145c24816d35bf038845e753

  • SHA1

    741dc8f77ff22f23450ab362054889828dfdbf3a

  • SHA256

    c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9

  • SHA512

    1dce39462761bff379360e3a80938bba27c7c429481fa476f54623f836f284f03dd692a4f846116ec27f4aaa5776698fb757affbd3d28e0befee3f6be1f8bf11

  • SSDEEP

    393216:bEkZgf8iSNPG7NmiZoW1+TtIiFGuvB5IjWqn6eCz1kypRXiWCoaa:bRbioKEAl1QtIZS3ILn6ehyaVoaa

Score
10/10
crealstealerpyinstallerspywarestealer

Malware Config

Targets

    • Target

      Exm_Premium_Tweaking_Utility_V2.exe

    • Size

      16.0MB

    • MD5

      81da6189145c24816d35bf038845e753

    • SHA1

      741dc8f77ff22f23450ab362054889828dfdbf3a

    • SHA256

      c0308e2ea71ff40ce878556504ed644435ec61502bd5d01941ed632ccec029f9

    • SHA512

      1dce39462761bff379360e3a80938bba27c7c429481fa476f54623f836f284f03dd692a4f846116ec27f4aaa5776698fb757affbd3d28e0befee3f6be1f8bf11

    • SSDEEP

      393216:bEkZgf8iSNPG7NmiZoW1+TtIiFGuvB5IjWqn6eCz1kypRXiWCoaa:bRbioKEAl1QtIZS3ILn6ehyaVoaa

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks