Analysis
-
max time kernel
133s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
04-06-2024 01:41
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f9d73abb0c34be6697cfb2178e7ab4d3737b749b632dd3f910f83b4c74d1cc7e.exe
Resource
win7-20240215-en
1 signatures
150 seconds
General
-
Target
f9d73abb0c34be6697cfb2178e7ab4d3737b749b632dd3f910f83b4c74d1cc7e.exe
-
Size
2.4MB
-
MD5
4d6f72d6ebd0036be02ef6103bba5328
-
SHA1
dc58e928e8dbef721acbea988578d982bc023be7
-
SHA256
f9d73abb0c34be6697cfb2178e7ab4d3737b749b632dd3f910f83b4c74d1cc7e
-
SHA512
1563920be9085c5d1f466ea6cf4d08d60ef80297938a2254ea6d464290c25ac9219a8c06c24252b978195529103cebad31cdd054e1b77668b360f46c97b35da9
-
SSDEEP
49152:+S0nU5KvLcm1ZbEs5o/Scqq9vuKJdA4rwNh7LdnJgtH20nTA:R0HLd1Bcqq9vuKQd+920T
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
f9d73abb0c34be6697cfb2178e7ab4d3737b749b632dd3f910f83b4c74d1cc7e.exepid Process 2236 f9d73abb0c34be6697cfb2178e7ab4d3737b749b632dd3f910f83b4c74d1cc7e.exe 2236 f9d73abb0c34be6697cfb2178e7ab4d3737b749b632dd3f910f83b4c74d1cc7e.exe