General

  • Target: cf4817decc126e476eaa79671ddc099f1ec27a4480c15f5507688901259469f5
  • Size: 1.3MB
  • Sample: 240602-xv7slsbg9z
  • MD5: bc543f8c9dac990b87837de49843e8ec
  • SHA1: a0b571f733f8b38ffefaf11af30d06f1b3797642
  • SHA256: cf4817decc126e476eaa79671ddc099f1ec27a4480c15f5507688901259469f5
  • SHA512: 26ec35321277277fbde01134020f451f3ce5f01ff26ec5a48f69c5b5c38a347c866cb7039cc95242424599aea95dcd136ca2388762bd64b2c227fd4d8a87b9bf
  • SSDEEP: 24576:ouGBd2KNLNS/k0OrDPkhKaGv03soUkFt6AcyTkgnNLpkzhHemaq:otscPvkhnFmeNJTkQ+ze

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other stored user data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
