04d2a0e91a3076610fe9ee05a8cff140e0ae6ee9e7ea856e29249ae1e751eaa5 | Triage

Submit
Reports

Overview

overview

Static

static

1

222.png

windows10-1703-x64

Sharing

General

Target

222.PNG
Size

14KB
Sample

240428-f6355ahc5x
MD5

c36030f06fa84397f574f38a910b769d
SHA1

64fe84993f76a302c586cd7988aee08b039a79dd
SHA256

04d2a0e91a3076610fe9ee05a8cff140e0ae6ee9e7ea856e29249ae1e751eaa5
SHA512

3359caef7c22da2d987d7b6573ec568ad7e56742f1dce90d99f8b9a312ac651e7fe261fc83d99ac8d3b7e74b371a56e4ee1111983f78171a566aaf145b3ebf0a
SSDEEP

384:Q3jquTVtiM5/i4Qfa4N/IAc9ciZNIfTKlwBOLXJw:OqCVtiL4kpIAQcwIfOlwWw

Score

10^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

222.png

Resource

win10-20240404-en

discovery persistence spyware stealer

windows10-1703-x64

29 signatures

1800 seconds

Malware Config

Targets

- Target
  
  222.PNG
- Size
  
  14KB
- MD5
  
  c36030f06fa84397f574f38a910b769d
- SHA1
  
  64fe84993f76a302c586cd7988aee08b039a79dd
- SHA256
  
  04d2a0e91a3076610fe9ee05a8cff140e0ae6ee9e7ea856e29249ae1e751eaa5
- SHA512
  
  3359caef7c22da2d987d7b6573ec568ad7e56742f1dce90d99f8b9a312ac651e7fe261fc83d99ac8d3b7e74b371a56e4ee1111983f78171a566aaf145b3ebf0a
- SSDEEP
  
  384:Q3jquTVtiM5/i4Qfa4N/IAc9ciZNIfTKlwBOLXJw:OqCVtiL4kpIAQcwIfOlwWw
Score

10^/10

discovery persistence spyware stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy