1e97991128cf9cc7643f8175ea8269e393211ef477ace9cc78be5e9acce05e4f | Triage

Sharing

General

Target

honzeEopnaC.zip
Size

8.4MB
Sample

240616-p9vslaybjr
MD5

02b3c40ed4b99ea995522a918e00ed12
SHA1

e90f6c5fa0c1a18072021fa332ce18438b382f9d
SHA256

1e97991128cf9cc7643f8175ea8269e393211ef477ace9cc78be5e9acce05e4f
SHA512

501c4ee6e59635cdfe1452fa682aa55fb72b5625f95995e73cafe958c0940efd8fe5316775b50eed1001a570a07c6eafdcd17f288eec7d1570509a74078a612c
SSDEEP

196608:NpbUfGHEAGCKtonpy+9zUwKRew8nxK3yrjstiA23wlt5mV:NWuHEAcoIiQynxWyrw4wH58

Score

10^/10

cryptone discovery packer spyware stealer

Malware Config

Targets

- Target
  
  openMe.rar
- Size
  
  8.4MB
- MD5
  
  3da01ddc8c5124871b676be7b55b974f
- SHA1
  
  ff8c90489d35ed87491365af4b6433d39f919b8e
- SHA256
  
  41e4567256cc28254ca8154b1e0253ae71a0eb2ff48f8d1054d55228c9182823
- SHA512
  
  c9e60b6c49cf8608abaa28a920c106556c0f33bcba50ebf00f0fc1ccabbc800b05053af6306f8be7130ed22cd953c139bf900c79abbb6f2df2b945c161aebedc
- SSDEEP
  
  196608:apbUfGHEAGCKtonpy+9zUwKRew8nxK3yrjstiA23wlt5mk:aWuHEAcoIiQynxWyrw4wH5z
Score

3^/10
behavioral1 behavioral2
- Target
  
  Unic/Unicore.exe
- Size
  
  250.0MB
- MD5
  
  daedd0adf5c3350ae5a16312887c0d72
- SHA1
  
  2ed4ec4419988106f6ed577e0df423bdb902eb11
- SHA256
  
  998ae90e88e1810bccb2378e6f023348d407829d09a5b21110dfdaddd3d6ead6
- SHA512
  
  e3c69d322497993531182e0baf2f23537edc4d5cbc23ce5e8e8a77d5f76bf82995568bb37f00258b42f902ec52c675b0b5fb2c8098f4c92aee67224935e94503
- SSDEEP
  
  24576:cgkBhqECQiwDnaBCAhA3mmLBJ3OBqaPzrcw8oVfwlas:cgujMu1WN8w8oVfD
Score

10^/10

discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  Unic/web
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryspywarestealer

behavioral4

behavioral5

behavioral6