General

  • Target

    fbc5b60f6f3330c98553a9b00f8309a341300d2cfb0543edc6c163fb0aaa3874

  • Size

    979KB

  • Sample

    240429-evesqaab9y

  • MD5

    12af28c94ed1b38fe20d4bc44466bce4

  • SHA1

    1e6905e763f36686dcc5c66e10e3f95a6e42b6ff

  • SHA256

    fbc5b60f6f3330c98553a9b00f8309a341300d2cfb0543edc6c163fb0aaa3874

  • SHA512

    79c2e0d7fccf5d0e5626b063edfd83dca144b24c965f4ed4664a3257a3b5e619b96797a100d5263608a82bc51017e6b8668e15864dfbbf48c39fea77a548ea65

  • SSDEEP

    24576:86A6q9EBYIzCWTk4jEsSHJpTNp76THeNCW9k2AqvXYlRhh:5Ar9EBtOW7+ZqTECWUqvXYH

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks