4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

4ebc7c786b...e8.exe

windows7-x64

8

4ebc7c786b...e8.exe

windows10-2004-x64

8

Sharing

General

Target

4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8
Size

2.6MB
Sample

240524-1jx1taca8z
MD5

84f597a0b9962fea5259cb95536d0c76
SHA1

86bc5b0a8a874c75f8b0cdd517bcb63557919bae
SHA256

4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8
SHA512

014c4c553848dc523332fd06c4009fd10c254f85ec654a991f8abb76ab1cce1d126243ad4b365b35afa24ceb486b1a12f084f0f906f72aed7a9a79113acae985
SSDEEP

24576:9A8vyrepIND/0bfSPdaYQi5YYR+h+8fEvdDrGnrdEROGHOhXBo7FC/hRJHOh:9A81IJPDmEvdDqnroHO9HO

Score

8^/10

discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8.exe

Resource

win7-20240221-en

discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8.exe

Resource

win10v2004-20240508-en

discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8
- Size
  
  2.6MB
- MD5
  
  84f597a0b9962fea5259cb95536d0c76
- SHA1
  
  86bc5b0a8a874c75f8b0cdd517bcb63557919bae
- SHA256
  
  4ebc7c786be937a2504c692f2d8fbf74c6adb85f523fe59da7f12236f0d845e8
- SHA512
  
  014c4c553848dc523332fd06c4009fd10c254f85ec654a991f8abb76ab1cce1d126243ad4b365b35afa24ceb486b1a12f084f0f906f72aed7a9a79113acae985
- SSDEEP
  
  24576:9A8vyrepIND/0bfSPdaYQi5YYR+h+8fEvdDrGnrdEROGHOhXBo7FC/hRJHOh:9A81IJPDmEvdDqnroHO9HO
Score

8^/10

discovery spyware stealer
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy