General

  • Target

    0cb3026b28ab359211f50176bc8f920884474445331155c4b9a3d5bc11f93266

  • Size

    271KB

  • Sample

    240428-w7fdfsec7y

  • MD5

    e94d9a5d0a03d3f2bf241a50eea621bc

  • SHA1

    1e915cbf1017cf35ad92c3c06f96b7719062e156

  • SHA256

    0cb3026b28ab359211f50176bc8f920884474445331155c4b9a3d5bc11f93266

  • SHA512

    2154f9e4f349842217bb97c4e497a91eee6ab3789a6c1f1c7e926e8877a021e496efc61ee69a2e8d5128f47171a204f98a8e262bd30ea557880a0d4eaf85944c

  • SSDEEP

    6144:/rTfUHeeSKOS9ccFKk3Y9t9YZfnVUBTUeg:/n8yN0Mr8ZfnVUBTTg
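
To confirm that a file on disk is actually the sample this report describes, recompute its digests and compare them with the values listed above before relying on the behaviour findings. This is an added example, not part of the report or of the sandbox that produced it; it assumes the candidate file is passed as a path on the command line, and it leaves out SSDEEP because that needs a separate library. SHA256 is the identifier to trust: MD5 and SHA1 are collision-broken, so two different files can share either of them.

```python
"""Verify that a local file is the sample this report describes, by recomputing
its digests and comparing them with the values listed above.
Added example; not part of the original report or of any sandbox's tooling."""
import hashlib
from pathlib import Path

# Values copied from the General section of this report.
REPORT_HASHES = {
    "md5": "e94d9a5d0a03d3f2bf241a50eea621bc",
    "sha1": "1e915cbf1017cf35ad92c3c06f96b7719062e156",
    "sha256": "0cb3026b28ab359211f50176bc8f920884474445331155c4b9a3d5bc11f93266",
    "sha512": "2154f9e4f349842217bb97c4e497a91eee6ab3789a6c1f1c7e926e8877a021e4"
              "96efc61ee69a2e8d5128f47171a204f98a8e262bd30ea557880a0d4eaf85944c",
}


def digests(chunks) -> dict:
    """Compute all four digests in a single pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(chunks) -> list:
    """Return the algorithms whose digest differs from the report (empty list = same file)."""
    got = digests(chunks)
    return sorted(name for name, want in REPORT_HASHES.items() if got[name] != want)


def check_file(path: str, chunk_size: int = 1 << 20) -> list:
    """Stream a file from disk (so large samples are not read into memory at once)."""
    with Path(path).open("rb") as f:
        return mismatches(iter(lambda: f.read(chunk_size), b""))


if __name__ == "__main__":
    import sys
    bad = check_file(sys.argv[1])
    print("matches report" if not bad else f"differs in: {', '.join(bad)}")
```

A non-empty mismatch list that includes `sha256` means the file is not this sample, however similar its name or size; a list that is empty for `sha256` and `sha512` but not for `md5` or `sha1` would be a transcription error in the report, not a different file.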

Targets

    • Target

      0cb3026b28ab359211f50176bc8f920884474445331155c4b9a3d5bc11f93266

    • Size

      271KB

    • MD5

      e94d9a5d0a03d3f2bf241a50eea621bc

    • SHA1

      1e915cbf1017cf35ad92c3c06f96b7719062e156

    • SHA256

      0cb3026b28ab359211f50176bc8f920884474445331155c4b9a3d5bc11f93266

    • SHA512

      2154f9e4f349842217bb97c4e497a91eee6ab3789a6c1f1c7e926e8877a021e496efc61ee69a2e8d5128f47171a204f98a8e262bd30ea557880a0d4eaf85944c

    • SSDEEP

      6144:/rTfUHeeSKOS9ccFKk3Y9t9YZfnVUBTUeg:/n8yN0Mr8ZfnVUBTTg

    • UPX dump on OEP (original entry point)

      The sample is UPX-packed; the unpacked image was dumped at the original entry point.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials.

    • Adds Run key to start application

      Registers the executable under a Run key so it starts again at logon.

MITRE ATT&CK Matrix (ATT&CK v13)

The count is the number of behaviour signatures above that map to each technique.

  Tactic                Technique                              ID          Count
  Persistence           Boot or Logon Autostart Execution      T1547       1
  Persistence           Registry Run Keys / Startup Folder     T1547.001   1
  Privilege Escalation  Boot or Logon Autostart Execution      T1547       1
  Privilege Escalation  Registry Run Keys / Startup Folder     T1547.001   1
  Defense Evasion       Modify Registry                        T1112       1
  Credential Access     Unsecured Credentials                  T1552       1
  Credential Access     Credentials In Files                   T1552.001   1
  Discovery             Query Registry                         T1012       1
  Discovery             System Information Discovery           T1082       2
  Collection            Data from Local System                 T1005       1
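
The behaviour signatures in the Targets section and the technique IDs in the matrix are derived from what the sample did at API level. The following added example (not code from the report or from the sandbox) shows how such a trace is turned into those signatures and IDs. The trace is constructed, its `<pid> <api> <argument>` line format is an assumption, and the registry and browser-profile paths matched are the author's choices: the Run/RunOnce keys for persistence, the per-user `Control Panel\International` values for the country-code lookup, and the Chromium `Login Data`/`Web Data`/`Cookies` and Firefox `logins.json`/`key4.db` stores for browser data. "Executes dropped EXE" and "Loads dropped DLL" are tracked by remembering which files the process itself wrote; the matrix above assigns them no technique ID, so neither does the code.

```python
"""Map a sandbox-style API trace to the behaviour signatures and ATT&CK technique
IDs listed in this report. Added example; the trace is constructed and the
'<pid> <api> <argument>' line format is an assumption, not any real sandbox's output."""
import re
from collections import defaultdict

# Constructed trace of one process, in the assumed "<pid> <api> <argument>" form.
TRACE = r"""
1204 RegQueryValueExA HKCU\Control Panel\International\Geo\Nation
1204 RegQueryValueExA HKCU\Control Panel\International\LocaleName
1204 WriteFile C:\Users\victim\AppData\Local\Temp\upd.exe
1204 CreateProcessW C:\Users\victim\AppData\Local\Temp\upd.exe
1204 WriteFile C:\Users\victim\AppData\Local\Temp\sqlite3.dll
1204 LoadLibraryW C:\Users\victim\AppData\Local\Temp\sqlite3.dll
1204 ReadFile C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
1204 ReadFile C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json
1204 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1204 ReadFile C:\Windows\System32\kernel32.dll
"""

# Registry paths: Run/RunOnce keys (T1547.001) and the per-user locale/GeoID values
# under Control Panel\International, which is where a country-code lookup lands.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\", re.I)
# Credential/profile stores of Chromium-based browsers and Firefox (assumed list).
BROWSER_STORE = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)

# Signature name -> ATT&CK IDs, following the matrix in this report.
TECHNIQUES = {
    "Checks computer location settings": {"T1012", "T1082"},
    "Adds Run key to start application": {"T1547.001", "T1112"},
    "Reads user/profile data of web browsers": {"T1552.001", "T1005"},
}


def analyse(trace: str):
    """Return ({signature: {evidence}}, {technique IDs}) for one trace."""
    dropped = set()        # files this process wrote; a later exec/load of them is "dropped"
    hits = defaultdict(set)
    for line in trace.strip().splitlines():
        _pid, api, arg = line.split(" ", 2)
        key = arg.lower()
        if api.startswith("RegQueryValueEx") and GEO_KEY.search(arg):
            hits["Checks computer location settings"].add(arg)
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(arg):
            hits["Adds Run key to start application"].add(arg)
        elif api == "WriteFile":
            dropped.add(key)
        elif api.startswith("CreateProcess") and key in dropped:
            hits["Executes dropped EXE"].add(arg)
        elif api.startswith("LoadLibrary") and key in dropped:
            hits["Loads dropped DLL"].add(arg)
        elif api == "ReadFile" and BROWSER_STORE.search(arg):
            hits["Reads user/profile data of web browsers"].add(arg)
    techniques = set().union(*(TECHNIQUES.get(sig, set()) for sig in hits))
    return dict(hits), techniques


if __name__ == "__main__":
    found, ids = analyse(TRACE)
    for sig, evidence in found.items():
        print(f"{sig}: {len(evidence)} event(s)")
    print("ATT&CK:", ", ".join(sorted(ids)))
```

Two caveats for anyone reproducing these signatures on endpoint telemetry rather than a sandbox trace: Sysmon records registry value writes (the Run key) but not registry reads, so the location check is only visible in an API-level or ETW trace; and the "dropped" logic above is per process, so a DLL written by one process and loaded by another would need the written-file set to be shared across the process tree.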
