ce8f36cb260a5e3d03fab13624208d531551b5dc82e2097b9dd38707c32852de | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Stien.exe

windows7-x64

8

Stien.exe

windows10-2004-x64

8

Sharing

General

Target

Stien.exe
Size

48KB
Sample

240522-e7nw6acb69
MD5

bda9523d7221942e46def67ed473e33e
SHA1

ce837c7ac128e361217316041891da0872b87290
SHA256

ce8f36cb260a5e3d03fab13624208d531551b5dc82e2097b9dd38707c32852de
SHA512

5e8f0e619d8dfc664a8e833243cda8b4cc638a324590e5f26c3d991cca5b674fe9677449163fcb78dea8b8c27c60e37651e63ec6cfac475e2ca404ca1cef6388
SSDEEP

768:+GJzSq8Maq5s9OIyziuT/2dcWhzzkOFbQBU669RhQM+8M+FG:+RqfKOtiuTuRbQALK

Score

8^/10

collection execution spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Stien.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Stien.exe

Resource

win10v2004-20240508-en

collection execution spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Stien.exe
- Size
  
  48KB
- MD5
  
  bda9523d7221942e46def67ed473e33e
- SHA1
  
  ce837c7ac128e361217316041891da0872b87290
- SHA256
  
  ce8f36cb260a5e3d03fab13624208d531551b5dc82e2097b9dd38707c32852de
- SHA512
  
  5e8f0e619d8dfc664a8e833243cda8b4cc638a324590e5f26c3d991cca5b674fe9677449163fcb78dea8b8c27c60e37651e63ec6cfac475e2ca404ca1cef6388
- SSDEEP
  
  768:+GJzSq8Maq5s9OIyziuT/2dcWhzzkOFbQBU669RhQM+8M+FG:+RqfKOtiuTuRbQALK
Score

8^/10

execution collection spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectionexecutionspywarestealer

© 2018-2024

Terms | Privacy