c371161c074c7579ffff06d2136ceafb17081381a5843280deb6fc3ff25fa8aa | Triage

Sharing

General

Target

Seven.zip
Size

745KB
Sample

240424-xq5sfsff26
MD5

7bd2d835f0e52a96b11bf171e8a226da
SHA1

7b049ac40fc0571fa5d25a800e83830c7c59eb6d
SHA256

c371161c074c7579ffff06d2136ceafb17081381a5843280deb6fc3ff25fa8aa
SHA512

af22eb183111984e0bd2917c0e0fa48dcf92b78faf01e13fd280dd94ed2fa2b594969b2cd9a1ba42359fd4fa8534d0a4b5c0e9423ef81c3db5a4b366d39fcefa
SSDEEP

12288:9iy0JAiPwqjrtlb6EHKPhmzgG+CVeTtg7+I48XmyOImDZ94ohU/agrZlpB3gbDNo:9AAiPwqjrtleEHimjhVe0KaEdHnhU/ay

Score

8^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  677KB
- MD5
  
  24793f4bd023720662276e34748fc6ee
- SHA1
  
  a82f469f7b152aefd3777aa96e6a8c6bff6813f4
- SHA256
  
  df5370d63b6cd884123508e584dfbe89aabd4b785dc9fc1863024a74043d7d60
- SHA512
  
  68cf52e400e5b0675f8b617844320d3f55fb313e2b35b858d333d7a199fc7f723ef5c2275170973e68a5f20e7520821a6d9f9263afea334dee0989b9ae68537d
- SSDEEP
  
  12288:0ii05gitiqjVrlb6uH0PHmngGkCdepta7+Iw8fMSGI4DZ/4KVQ/ao3Zlpx3sbyXx:06gitiqjVrlmuHYmXjdekOuUZ9jVQ/as
Score

1^/10
behavioral1
- Target
  
  Seven.exe
- Size
  
  139KB
- MD5
  
  350273e0d2e8a9ba5e37b791016112a0
- SHA1
  
  5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
- SHA256
  
  27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
- SHA512
  
  b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
- SSDEEP
  
  3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score

8^/10

evasion spyware stealer
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywarestealer