2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573 | Triage

Submit
Reports

Overview

overview

Static

static

2a79a215c4...73.exe

windows7-x64

9

2a79a215c4...73.exe

windows10-2004-x64

9

Sharing

General

Target

2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
Size

316KB
Sample

240428-yddzmsfd55
MD5

7a983e05228617eb59e2583a99c011f0
SHA1

a76c01acb530654e3c2007d6ab56361fea06773f
SHA256

2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
SHA512

ee76d466a474364c9692878236ec9c6e86c44af7192f25efeded774993a9c932853caca44c24974cedd5bc55a9d97b5f15a9fd06e05418ae4aa9037bc14d54f9
SSDEEP

6144:9rTfUHeeSKOS9ccFKk3Y9t9YTcPeLFZhTgp:9n8yN0Mr8TcPehrMp

Score

10^/10

persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573.exe

Resource

win7-20240221-en

persistence spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573.exe

Resource

win10v2004-20240419-en

persistence spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
- Size
  
  316KB
- MD5
  
  7a983e05228617eb59e2583a99c011f0
- SHA1
  
  a76c01acb530654e3c2007d6ab56361fea06773f
- SHA256
  
  2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
- SHA512
  
  ee76d466a474364c9692878236ec9c6e86c44af7192f25efeded774993a9c932853caca44c24974cedd5bc55a9d97b5f15a9fd06e05418ae4aa9037bc14d54f9
- SSDEEP
  
  6144:9rTfUHeeSKOS9ccFKk3Y9t9YTcPeLFZhTgp:9n8yN0Mr8TcPehrMp
Score

9^/10

persistence spyware stealer
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy