Overview

overview

7

Static

static

3

3b409decd0...a7.exe

windows7-x64

7

3b409decd0...a7.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b409decd09409a083ebf29e2f5bc8b57b2899ef7eadaa4fdc689cc5d341d3a7

  • Size

    4.0MB

  • Sample

    240524-zgjjzaag35

  • MD5

    0bc2a6be9c70c4b4a8c3a4e1c8b6fd58

  • SHA1

    6d76ba30b6723ee6036470aea1d26d52edb3f2af

  • SHA256

    3b409decd09409a083ebf29e2f5bc8b57b2899ef7eadaa4fdc689cc5d341d3a7

  • SHA512

    f1eeeb2aa921ffe0b04f287c1c1e3aef4b59a191c4239629f3d32ad9917f29e72d99f9e78962536f65f8ef8c40bb663a8fc41758003816a0ea3d400bdb5f92b2

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBmB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUplbVz8eLFcz

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      3b409decd09409a083ebf29e2f5bc8b57b2899ef7eadaa4fdc689cc5d341d3a7

    • Size

      4.0MB

    • MD5

      0bc2a6be9c70c4b4a8c3a4e1c8b6fd58

    • SHA1

      6d76ba30b6723ee6036470aea1d26d52edb3f2af

    • SHA256

      3b409decd09409a083ebf29e2f5bc8b57b2899ef7eadaa4fdc689cc5d341d3a7

    • SHA512

      f1eeeb2aa921ffe0b04f287c1c1e3aef4b59a191c4239629f3d32ad9917f29e72d99f9e78962536f65f8ef8c40bb663a8fc41758003816a0ea3d400bdb5f92b2

    • SSDEEP

      49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBmB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUplbVz8eLFcz

    Score
    7/10
    persistencespywarestealer

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks