4b701365bf0d3102e9f1f066755f3d88c073e99672f95af23c1f8b52f57641c7 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

PixInsight...DY.zip

windows10-2004-x64

8

Sharing

General

Target

PixInsight 1.8 - E3DDY.zip
Size

253.1MB
Sample

240527-g3fq4abf38
MD5

380735676a792880bdcff6cd48a2836c
SHA1

0f48eb72c076b832ba3f6aab53d1e4771c4bd4b5
SHA256

4b701365bf0d3102e9f1f066755f3d88c073e99672f95af23c1f8b52f57641c7
SHA512

d8979bd588b46dd5378b34396ab4b63bbbd4ee18a787f6324f4f554f919e050a6cd366d48b45075a96d6a2f76088cbf08e6aa60da65b2de4fc537594ffe5cab4
SSDEEP

6291456:jz/HlMkDV5zM2jchY91cB9HZwR5BBHjRdjqNP4IAyWw3L:jz/H7ha2j6YHhzjRdjYhDb

Score

8^/10

persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PixInsight 1.8 - E3DDY.zip

Resource

win10v2004-20240508-en

persistence spyware stealer

windows10-2004-x64

27 signatures

600 seconds

Malware Config

Targets

- Target
  
  PixInsight 1.8 - E3DDY.zip
- Size
  
  253.1MB
- MD5
  
  380735676a792880bdcff6cd48a2836c
- SHA1
  
  0f48eb72c076b832ba3f6aab53d1e4771c4bd4b5
- SHA256
  
  4b701365bf0d3102e9f1f066755f3d88c073e99672f95af23c1f8b52f57641c7
- SHA512
  
  d8979bd588b46dd5378b34396ab4b63bbbd4ee18a787f6324f4f554f919e050a6cd366d48b45075a96d6a2f76088cbf08e6aa60da65b2de4fc537594ffe5cab4
- SSDEEP
  
  6291456:jz/HlMkDV5zM2jchY91cB9HZwR5BBHjRdjqNP4IAyWw3L:jz/H7ha2j6YHhzjRdjYhDb
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

© 2018-2024

Terms | Privacy