032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

032d4c4b1b...72.exe

windows7-x64

9

032d4c4b1b...72.exe

windows10-2004-x64

9

Sharing

General

Target

032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672
Size

455KB
Sample

240429-wrhhwahd3v
MD5

9eca82d1ff4bee0b79fb73fd9e333a93
SHA1

cdeb36f8dbbf6bc4ef1fba4e33e4d39a7d5e8fdb
SHA256

032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672
SHA512

c70160b2ed7ac3dae0830536de5f2cbf8c3d36b402654d6a7cebcb64a9a49d47023ad0f83ee88057ec845571addfa46839773554e31d06986e26c58db5c893e2
SSDEEP

12288:KLxNI8KjYJK+N5VS+9HTA8gbqk8PP/OsmeMVKsvEfg0+H:KVNYjYJK+d+mk6/Opnv30S

Score

9^/10

persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672.exe

Resource

win7-20240220-en

persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672.exe

Resource

win10v2004-20240426-en

persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672
- Size
  
  455KB
- MD5
  
  9eca82d1ff4bee0b79fb73fd9e333a93
- SHA1
  
  cdeb36f8dbbf6bc4ef1fba4e33e4d39a7d5e8fdb
- SHA256
  
  032d4c4b1bdbe8436a608cacb2e2d6bbc88828b7d4d1408f363ac0a70055d672
- SHA512
  
  c70160b2ed7ac3dae0830536de5f2cbf8c3d36b402654d6a7cebcb64a9a49d47023ad0f83ee88057ec845571addfa46839773554e31d06986e26c58db5c893e2
- SSDEEP
  
  12288:KLxNI8KjYJK+N5VS+9HTA8gbqk8PP/OsmeMVKsvEfg0+H:KVNYjYJK+d+mk6/Opnv30S
Score

9^/10

persistence spyware stealer
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing base64 encoded User Agent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2025

Terms | Privacy