73e7ea40a38cb32af35fdc3a66c7af3b86c40ee0af97f187186c21634db4864e

Sharing

Copy URL

Twitter E-mail

General

Target

qL7tumRgxLj.zip
Size

8.4MB
Sample

240619-ktthdaxena
MD5

63a0b1d5a4d913976d1ebb510cc6aad3
SHA1

c99421a5e174b96962ce4ffe88f84671585214ea
SHA256

73e7ea40a38cb32af35fdc3a66c7af3b86c40ee0af97f187186c21634db4864e
SHA512

37b66765d579b32ff4a9997089ee22cd9b0fca9f76efe4def7171352401912acfb20f0d0ac4953b6c0779b846e35aa9fb83a38d65c0913214d88f1a9f98d6096
SSDEEP

196608:BNFxiXYYs7pwUDR3adXBwogmDNaqX4ViWl/fIKjErGI+ht5f:jFgoHAxfkDVigfryGIyvf

Score

10^/10

Malware Config

Targets

- Target
  
  qL7tumRgxLj.zip
- Size
  
  8.4MB
- MD5
  
  63a0b1d5a4d913976d1ebb510cc6aad3
- SHA1
  
  c99421a5e174b96962ce4ffe88f84671585214ea
- SHA256
  
  73e7ea40a38cb32af35fdc3a66c7af3b86c40ee0af97f187186c21634db4864e
- SHA512
  
  37b66765d579b32ff4a9997089ee22cd9b0fca9f76efe4def7171352401912acfb20f0d0ac4953b6c0779b846e35aa9fb83a38d65c0913214d88f1a9f98d6096
- SSDEEP
  
  196608:BNFxiXYYs7pwUDR3adXBwogmDNaqX4ViWl/fIKjErGI+ht5f:jFgoHAxfkDVigfryGIyvf
Score

1^/10
behavioral1 behavioral2
- Target
  
  README.txt
- Size
  
  17B
- MD5
  
  3ddd4ab42a9f89735bb14dadf6d593d7
- SHA1
  
  a6addc3240f39b5a4252fff6a41d565a295f2c61
- SHA256
  
  dafec9ca2e314e02dafa5a824e14cd8df64cafb3df0246282d0402f9ca713063
- SHA512
  
  656849caf13910350835ce00d272d91af0dae6c6419cd7723b8e79d573bd62ddcbdf1b3772fb8764998c61367cf467c000666665e53150e4511589eab895151a
Score

1^/10
behavioral3 behavioral4
- Target
  
  openMe.rar
- Size
  
  8.4MB
- MD5
  
  62f984e034b4167ccc5e948e16030df9
- SHA1
  
  852ea7df5505d8e6d7e56a1c524f0db05c11c638
- SHA256
  
  8072304e97c405c2c80ea493e45b7dc5b291f68814583049c68cee1f192e8d90
- SHA512
  
  3809cc3d6d7b431ea54bc227f3387f92e9c93441a319c328cc18d620e7c320d53a161f46e9ac1499ab3673c7133018f527d5978b99eece0003124c37ba30b021
- SSDEEP
  
  196608:wNFxiXYYs7pwUDR3adXBwogmDNaqX4ViWl/fIKjErGI+ht5j:4FgoHAxfkDVigfryGIyvj
Score

3^/10
behavioral5 behavioral6
- Target
  
  Boostrap/Solara X.exe
- Size
  
  250.0MB
- MD5
  
  6e566fd9a37ea60015f5b8fa5369192d
- SHA1
  
  16455b4d132b96e0bd1b3fbf3e2f3da5d773c0f3
- SHA256
  
  d3d9a157a4a6eebf4e736d9dd2839ca32e4eb1e9f2dc8731cea7d8ad3bbead5a
- SHA512
  
  9a6a1b5ecbd65bf7c3e8419078602a12c8ec8fdcbb9d2177a1f36bc047e4ab865ae087ce1955f2e25873bff0b05c730def9f2ff39842673dce9560a958bf0a0f
- SSDEEP
  
  24576:7gJwGZSjmG8Bom+HYCQjDPEi3n4T1Rz20n9m0p2:7gtZSyG2omzCebEw4pRi6m0p2
Score

10^/10

discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8
- Target
  
  $TEMP/Animated
- Size
  
  758B
- MD5
  
  9e7034ba6a81913f5b5ee153c4d7c722
- SHA1
  
  f55a2ec5745b729b0e3bb5819770b6c1bcb4c50d
- SHA256
  
  7e402856523567cbf9cb27e7e6c8b25544648d0aa362dc66f9045afde63c260b
- SHA512
  
  b25f37327d1348158d324fe9be11ba3d35762af2603554508b7bd950153e34321712b564fb9c62387836b46dc2b8c4da54edcd13a1cba5882b286c049ee4920f
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMP/Bennett
- Size
  
  65KB
- MD5
  
  6cc17572a732895c27aa41c6c65fb311
- SHA1
  
  079b412204d5b30ac44609725ff61052897e8b72
- SHA256
  
  48b4639d3f66395f8d28d54032ef95d8747cc2b625c91427857683c5e325934a
- SHA512
  
  71c71c44b344f6b35f9c847a3a29f0b87e6cb5d860ac85782b5b79821a5c4e482cfd663dd195ed2afff4401e1b088db13847184ba9600eb303f03cd803dbf43b
- SSDEEP
  
  768:wmEusWjcdeDvFQC7VkrHpluuxdCvEHKKgItUHiN:ausWjcdmQuklluhvEHKxiN
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/Broker
- Size
  
  66KB
- MD5
  
  aea2c5dc71ae8b7e3ee818ed209b7757
- SHA1
  
  0133a04f5c629eab35d3069374fc7022ae14ea05
- SHA256
  
  7d8244edce725a63722f1c0a06f767c1de2c0d3b3487ecba737ac3179a823b64
- SHA512
  
  4bcd3215abc1a2e75a46f0ed30544f950a1fe6d4cae6517d5b98c73e3e6e5c695ee4bd1702c0da5c47fe4ff3557cf4ddfda97892ccabebc05f4179199a9323b0
- SSDEEP
  
  1536:PfUCJ5h3FsoejQ1/9klkp5VLGEDuaiC7v8xV96AE1T:PPf3qoT1/Qkp5IKuLuv8xVTg
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/Dell
- Size
  
  34KB
- MD5
  
  1e7e6d9815d60d372b72f15dd73db6a1
- SHA1
  
  ac72c1e64fab9abe1dd3f391c8d5f2ad62715d16
- SHA256
  
  e1a7a0bb1fdced6d64567614dc0a515b452d42b1392bb1ff1a93ae8129aee3ed
- SHA512
  
  b0291ecc61cd5bfece0b28be3a1ae5f4b178b021cc6aa5a2d7ace31de1b8e430198b49a84a7b6977ddb2e58316c2cbc752725d1be80686b45b8d651bc38da742
- SSDEEP
  
  768:SckS9cAXKOd+3Avgmy/bJCVKSb279sAOOWNMZmwfHh1d:RtcATs3AS/4KS+9sAOW
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/Departments
- Size
  
  9KB
- MD5
  
  38b2025bee727e8e348f9a5d97519f65
- SHA1
  
  a3c53598ef1a22d4efc3c83db44b1fdd1e822c29
- SHA256
  
  6835d86ea76a7740c9d24c0e5ddd19a18350697922a33864456604a7fcc74c2c
- SHA512
  
  0b926fc696123b85adfe6d2659acb09b6344979feee6acc4a60b4cd3c4b391ba36b13193e9baa171fc3216a290849b2c9b5610fb2f6ed6a6d8421a4f4a8dd2e3
- SSDEEP
  
  192:UgRoakNPfULsNQ6UUrUM6M1spD4QoHfqwipOcS0BiPyI+m4:UgRoa6PfUIi6J89nOr4
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/Grow
- Size
  
  24KB
- MD5
  
  94b695958440ee01ab62f0ed695543ea
- SHA1
  
  289179db08945b13b6d252fb0ccf479772487e6f
- SHA256
  
  4dd5282861ebed24cc830c626d5558076f0df4c279c788555837bf08341d8587
- SHA512
  
  1e57cdaf4b76889d0e5a230b86e383cfa07eb66353ef3a5b2443eaa34597c8bae2a44b40769d88577a2cbe222014944f20b83adc8305c9e6aba9eaa2b19e0947
- SSDEEP
  
  384:SPuMHIpmikS0NOsHuezu1sJM1zkf4BCx+ylZ+eQcqERsuQ:wueIVvaOsibzc+ylIt0suQ
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/Implementing
- Size
  
  45KB
- MD5
  
  6c9757f0e77888c517c33041fc88481a
- SHA1
  
  8427d2227e28d50659b355efc4732d133f6cec47
- SHA256
  
  351da91f1d682ffddedad1374ba51e1df5d78570a608e6173ea4ea743d9b68ca
- SHA512
  
  537e2d86c095b3454e81a68f2653752c062a7b03be34aff6c3398857bf091e14afad39e43f4ce68e1aee3091ae61546449e9e37e12f73275ff1f103a48803f35
- SSDEEP
  
  768:ib3jsJhQlEF2VVay1N5J3SoO6Qku2ox3hOk3Hsu1izubGntN6IZOjAV0S/:ibgjQWq8GV3jOTJh1Xl2ub2tBOjAe6
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/Int
- Size
  
  23KB
- MD5
  
  5b0e7c4040f8e82ee1c27df9cc0c3ed9
- SHA1
  
  1d4e9e329836998d18dfeb689504037c7a388a03
- SHA256
  
  1f6328b06be85485b7ba50162a7a79ebb59e773fba89d2b64edba7700f0a54a3
- SHA512
  
  8c0c08178742475a1442445fb7e658938cc4122e2fdede5df326daa846601bbaefe00795158cb12b4e8a5703e3113ddc5466476c2f06b2d0f105cf20a8fd16e1
- SSDEEP
  
  384:uQukviAtMfPM8U6aw1ZFrQKtrI2ASggxEthxZNUH0MOUfWGSjRr+iknRa5Sg:u5ci1Q8I2jNxEte07EWGnikscg
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/Invalid
- Size
  
  36KB
- MD5
  
  8d197d72538081c816efeda249495cca
- SHA1
  
  3c84d5fef55f7eeb1fccc0f4ed700fe8587569c4
- SHA256
  
  29c1a164753a237fb56cfdab0339607f393744ac8a12c77f524f7d1bc65a151c
- SHA512
  
  01208bf32d43002da34e7bfd5d2d2a9f73bb5d452e042bc639266b273c93bae24123994351ca0d446e1665d897af3b3d304bbb3e285f49cfaf72f197b7d0060b
- SSDEEP
  
  768:jB4y+aZmzddtw1E1Yd5dArqsfGuYJhLgBF9OR7F8ufnzh:jB4MmHtt1OPeRQnzh
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/Italiano
- Size
  
  176B
- MD5
  
  b9b24a047a4f7250c307b46b83218edf
- SHA1
  
  a5dcf76e1a2257ebb2bcad92cb047f2dfb2761b0
- SHA256
  
  e3f5375df1e77eafc0e25647d0f9cf7ff2ce866f891a5a59da2cd27d1f91a399
- SHA512
  
  be338f29793b059cdc4f2f9c18e6d42a109eedac0b78f0c24b93430bea60fb3dd228cbb1462b8dee4c48ebc664d68d9057790c0ba470bf88730cdbb4fc64b173
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/Jd
- Size
  
  14KB
- MD5
  
  5a9bd840f1473f0be745ee37d95b9cc6
- SHA1
  
  b2902d07ec4ac66af4c0e7891b9b5a6a0648ee6b
- SHA256
  
  844658e84a445e94968bcabb40dfd501e8448de52b0a379fd5015fd38295b921
- SHA512
  
  919dfa6385ca8c253438111d79a9e68f3730886318881cd88fd9de1a36dbed2d5c90006415d2f809f949e1b5f5f382a7bdb0dfe3c0db4a74800821df821bc469
- SSDEEP
  
  192:HzfZyyyVNt20M4KdULSx6/JZ9FrKUS1IPuoqRWsHnhAb7K7zipa/:HzhQVNt2bSSk/ju9oiPqY/
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/Latitude
- Size
  
  7KB
- MD5
  
  243f552e05ac3a3b9d2357ee3815d620
- SHA1
  
  0b6e569b7cff655ec36e5c1354346a53b4853a34
- SHA256
  
  40c05fbecae6d41ae6107c566727baba71bdbaf3330758fae60e0320181d4455
- SHA512
  
  d56a553583cff9ed67bf375fe530f65ec13209d7bfa675f2249ced6b3f623a54800304ea5398f44de340963e6be939c5677ed88a4e5696cf55325b28526f9c3c
- SSDEEP
  
  192:rnikP/767EnkEHay0pjW6+fWBsjusZ3vd:mkn7IEV0pQfsKuEV
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Query Registry

T1012

Process Discovery

T1057

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32