Overview

overview

10

Static

static

10

bdc61e24b0...ba.exe

windows7-x64

9

bdc61e24b0...ba.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba.exe

  • Size

    4.9MB

  • Sample

    240522-cqxfvshb58

  • MD5

    d9a7d15ae1511095bc12d4faa9be6f70

  • SHA1

    b90fbb35eb6dd050e4829ecac702feab90f58859

  • SHA256

    bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba

  • SHA512

    f913e5bbb998ad8a391ea99c6d045081da5af128b9391c3a0249ec4eeb9a504be796b3315e7c5b4bae825b7629527719a845a974f4eba37bd0233b86e5483e25

  • SSDEEP

    98304:NllmCKfheKnF4Gnuyjscn9GtGOqHLixnkmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNX:NllmCKfY2uWUMBHLi6mb0ZKH4lODcxSL

Score
10/10
spyware

Malware Config

Targets

    • Target

      bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba.exe

    • Size

      4.9MB

    • MD5

      d9a7d15ae1511095bc12d4faa9be6f70

    • SHA1

      b90fbb35eb6dd050e4829ecac702feab90f58859

    • SHA256

      bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba

    • SHA512

      f913e5bbb998ad8a391ea99c6d045081da5af128b9391c3a0249ec4eeb9a504be796b3315e7c5b4bae825b7629527719a845a974f4eba37bd0233b86e5483e25

    • SSDEEP

      98304:NllmCKfheKnF4Gnuyjscn9GtGOqHLixnkmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNX:NllmCKfY2uWUMBHLi6mb0ZKH4lODcxSL

    Score
    9/10
    spyware

    • Detects executables packed with Dotfuscator

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks