General

  • Target

    5bde12d39d4278289da13dccfdacd913565440ec8ca8b6c6dde3bb5104724c38

  • Size

    1.9MB

  • Sample

    240430-2f46dshe2v

  • MD5

    0e64c618ff097f209a99d035bb55a70a

  • SHA1

    f8ae1e4612676584fd85bd71df74bc8b2c00543d

  • SHA256

    5bde12d39d4278289da13dccfdacd913565440ec8ca8b6c6dde3bb5104724c38

  • SHA512

    9093bac10bd389dc0487ecf42bce3e41d5e260b032282d20d7b7956bb62681cabf1458320a26d7a0eca1ab34e453683a46281231232511ccec84e98e3a2a7cf2

  • SSDEEP

    49152:5dXZEh6Hf+fmuhLPWoWAMXrpi8rSDzj0qc8:/Jx+u6HWl3GzgqJ

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar items.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
