01360b92f5543e359a3ae271507ded82376ee38fdf0f2310c859156738c01962 | Triage

Sharing

General

Target

Seven.zip
Size

972KB
Sample

240424-xn2ysafe57
MD5

fd7ad40bdbc9c9e91b7698ad06eec9f2
SHA1

a9c1c9c8e4dfde6bc66d9caefa21e2d3fd7fe8e2
SHA256

01360b92f5543e359a3ae271507ded82376ee38fdf0f2310c859156738c01962
SHA512

afaf2d3eb7052652102724cfb2c391aef9ef49ba4545c2018cab638a772b6a3410193ec7b98a4c7117733511abf8a154657d506eb1f6e295f926dc05933e70ef
SSDEEP

24576:shPlWqFV/lEuZOnc2S87r7bJ7BG4Sy2Y+iqjVZl+uR/GAVg9Ku+T:shPlWqlNZOc2S83Phpv+iqVjR/fgEu4

Score

8^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  852KB
- MD5
  
  b004b8a081c12e9904a2fc0527ebeab2
- SHA1
  
  8e24c3f8061e25e8011034cd9e25480ab3e3b3ef
- SHA256
  
  0b54d8ca5da6332b3d4795ed64aa61c9993202922390d1fd8d7a9f0aae342134
- SHA512
  
  6a38af98405cb19c0ad79ed3c7137277abc546f9f2191323c985447a79d7c5ea17db30d56e7852bf26b4c21b294ea67fb02d43ccdc73cda4998fcce619ddfab9
- SSDEEP
  
  24576:kxYqFVnlQudCBMwCSjrPZD7p44MyK8PAkqjVnlqud+/2P+A:kxYqNJdCawCSPRHjWkqXfd+/9A
Score

1^/10
behavioral1
- Target
  
  Seven.exe
- Size
  
  139KB
- MD5
  
  350273e0d2e8a9ba5e37b791016112a0
- SHA1
  
  5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
- SHA256
  
  27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
- SHA512
  
  b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
- SSDEEP
  
  3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score

8^/10

evasion spyware stealer
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywarestealer