task | platform | score
Overview | overview | 8
Static | static | 8
micify-ste...px.exe | windows7-x64 | 7
micify-ste...px.exe | windows10-2004-x64 | 7
micify-ste...ium.py | windows7-x64 | 3
micify-ste...ium.py | windows10-2004-x64 | 3
micify-ste...dex.py | windows7-x64 | 3
micify-ste...dex.py | windows10-2004-x64 | 3
micify-ste...in.exe | windows7-x64 | 7
micify-ste...in.exe | windows10-2004-x64 | 7
Analysis
- max time kernel: 120s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 28-04-2024 13:43
Behavioral task behavioral1
Sample: micify-stealer-main4.21/micify-stealer-main/UPX/upx.exe
Resource: win7-20240220-en
Behavioral task behavioral2
Sample: micify-stealer-main4.21/micify-stealer-main/UPX/upx.exe
Resource: win10v2004-20240419-en
Behavioral task behavioral3
Sample: micify-stealer-main4.21/micify-stealer-main/Waltuhium.py
Resource: win7-20240215-en
Behavioral task behavioral4
Sample: micify-stealer-main4.21/micify-stealer-main/Waltuhium.py
Resource: win10v2004-20240419-en
Behavioral task behavioral5
Sample: micify-stealer-main4.21/micify-stealer-main/index.py
Resource: win7-20240221-en
Behavioral task behavioral6
Sample: micify-stealer-main4.21/micify-stealer-main/index.py
Resource: win10v2004-20240419-en
Behavioral task behavioral7
Sample: micify-stealer-main4.21/micify-stealer-main/main.exe
Resource: win7-20240221-en
General
- Target: micify-stealer-main4.21/micify-stealer-main/main.exe
- Size: 19.8MB
- MD5: ce52604a9ada5cf25e82b078688ad019
- SHA1: 6eddf09acd225f25945dfb088ae8ff50d4dcd1b4
- SHA256: 88490f0f3245ea7b04344b71884a3ec939053f2c030272c1d6b29fab5846cdb8
- SHA512: ba95a4d55ff192ef241ae0ff17cbd83d343a99b34cf59d37014d84a29e0669af48ba2303441418f3e12112c2732dc4c8fa5f7fac910a506eef95777e60b1d58e
- SSDEEP: 393216:CEkZQtsJJpUTLfhJKQETSrvJQ7ErYeG41UXFZeGZ:ChQtshUTLJQQEWrhQI/5
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: main.exe
  pid | process
  1652 | main.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: main.exe
  description | pid | process | target process
  PID 2888 wrote to memory of 1652 | 2888 | main.exe | main.exe
  PID 2888 wrote to memory of 1652 | 2888 | main.exe | main.exe
  PID 2888 wrote to memory of 1652 | 2888 | main.exe | main.exe
Processes
- 1: C:\Users\Admin\AppData\Local\Temp\micify-stealer-main4.21\micify-stealer-main\main.exe
  "C:\Users\Admin\AppData\Local\Temp\micify-stealer-main4.21\micify-stealer-main\main.exe"
  - Suspicious use of WriteProcessMemory
- 2: C:\Users\Admin\AppData\Local\Temp\micify-stealer-main4.21\micify-stealer-main\main.exe
  "C:\Users\Admin\AppData\Local\Temp\micify-stealer-main4.21\micify-stealer-main\main.exe"
  - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI28882\python311.dll
  Filesize: 5.5MB
  MD5: 5a5dd7cad8028097842b0afef45bfbcf
  SHA1: e247a2e460687c607253949c52ae2801ff35dc4a
  SHA256: a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
  SHA512: e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858