Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/04/2024, 22:35 UTC

General

  • Target

    5c85e074d73ae96f2198e14e880b696f667b56774730e1d6e4f0491fb3334f28.exe

  • Size

    3.2MB

  • MD5

    5314b8a97419c02d744f072a9edb524d

  • SHA1

    4e1435d34ada0e3270a4072c088f2bcc5da256d1

  • SHA256

    5c85e074d73ae96f2198e14e880b696f667b56774730e1d6e4f0491fb3334f28

  • SHA512

    4b8106833ea43f46e65b0a2bb22bc98a0a44dee9db06e8e31a0281b32b9fdd80291fca55c391f8e8351ffe9d36b86f9cbc21d26482fbef512ee0906d2a65f4b9

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBiB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpZbVz8eLFcz

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c85e074d73ae96f2198e14e880b696f667b56774730e1d6e4f0491fb3334f28.exe
    "C:\Users\Admin\AppData\Local\Temp\5c85e074d73ae96f2198e14e880b696f667b56774730e1d6e4f0491fb3334f28.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecaopti.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecaopti.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2144
    • C:\Files70\xdobec.exe
      C:\Files70\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2556

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Files70\xdobec.exe

    Filesize

    3.2MB

    MD5

    36a21fa89f44c3094d38891e1c6f8991

    SHA1

    c6499fcaa531262b92f3cdae7244257a63eb7c77

    SHA256

    a23b8869f328967d536ce9f8e1b5873cd7ef7d973ce8f987586072c6ffbef162

    SHA512

    6076ce41edf6a7b511b39736fe78994ec2bee2cf8c5d51c4abd76cfad48d5249090344a2cc9e52394caedefe2336b13b403b8f830c4abc81e76a7593d0b2b1e7

  • C:\LabZ3P\optiaec.exe

    Filesize

    2.0MB

    MD5

    2456e825ceeedb20f71206165d49e947

    SHA1

    890f9632fef2a6bf43a9dfd735746c09de658961

    SHA256

    bed445e013cfb98c10918a7d597b299d1361eedd9c130606df15e64bf7cc7606

    SHA512

    970e403d499e2e6ce89292e5e79ed790e0a90bd1db7ff84e7bb8662441954b77395552a9eff23069355d32fb3163ba55b4761c48c45bc8f4ad37465dad63e20e

  • C:\LabZ3P\optiaec.exe

    Filesize

    474KB

    MD5

    df048d9db6aa48b9879f99e6fb4f1552

    SHA1

    17967ffc43b2f69045161954fb7ca18ae0395aad

    SHA256

    53b420d22ea9f01a959086ff33ec23ab676e226e636443b7515b24846cb56c79

    SHA512

    60780e36aba568abb3f2464402ac102e46ae4b1052207bd7693f8a646f9d6cf7c298135268d3a352800c0fee0d0287eabed6962fe3a8752238afe058c806f761

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    167B

    MD5

    80d62c58a6a57930d3fd0aeb89675167

    SHA1

    70f29673260f11628320dc38dbf7e3c9c009d4ab

    SHA256

    011523af2aac817de865c009d3f29b4fe62379599106df7d00af1d7ceb1e6b04

    SHA512

    51c04598025b0cffeee14a144ec3147fb3830bc708811548309e6277ac27058615936f197de7ab639c6567694b4e793393c51a342ff52e1952b174fc32ebc268

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    199B

    MD5

    53ab7d989c0049c7ea9e55573f2bfefe

    SHA1

    ec5aaa8512f22a309f1e4dd4bcf34b4401dc131e

    SHA256

    d5fc169d757f659bb89b26f8cd360912714ee7f45ef95cbceeef7dcd41de0e10

    SHA512

    f2d03628bdd3d4b28b8b91704c3c78d3b4a34fa3bf60bdc0f4322648f5fd5c77898b73bf5a77ec08e554776c0fade1e020e96020915633c7fc206df2b177e09e

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecaopti.exe

    Filesize

    3.2MB

    MD5

    1263f3dfa516d70e62b48ab974b1d0e6

    SHA1

    b69654e854f4f6b4da8c5a2d7fd00896b805588e

    SHA256

    46c348a63e45f7e6257ae862cdb0543afc3616c06a1c98d0773f57adbfd68a03

    SHA512

    e48097668f46deaa3b69265ff4e652efdd4da965569cc2983fef9fee70be5ad02bc7deb6393ceea9272dfe6dbbbb84f099119de22fb75f5c680201a5029db08b