Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/06/2024, 14:24

General

  • Target

    cstealer.pyc

  • Size

    67KB

  • MD5

    380fb181fbfee35d71f14e2d1a1df1c7

  • SHA1

    f991d3803a6ac70bd017175e289c95d52a3808ca

  • SHA256

    62efea82da680bd54e4917cca7553c9bf1ce6a7290df986d612115dd9df683b7

  • SHA512

    393c1b167eeaa3007282f78744dc197fab35cd0502ebd9de171e9006dae92f61a6001ae53ff62e135480fc689ea3427928cba559bdd0291cf20c311a05d44572

  • SSDEEP

    1536:l0xqOgPtxpqBJlMstbo88jLQQcXf9qS0Vr+LRheF:lqQt/+bo88PiXX0r+LRA

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cstealer.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cstealer.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cstealer.pyc"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    4726c69ae00a19693e52ab6ccdcb8a96

    SHA1

    797d770295df76d02ac435f4d5eaed7bc9b5f3cd

    SHA256

    cc65b03698514609db2929f9217fa1afc314f7ddbd874d36af9c0d4cf48899f8

    SHA512

    7856fa75d378fa89a668c9221e3bc25fd6b12923a3cde52586fd8ba06da63d64657c917127ae421258d95b38b6366f166d23689ffe8713880dc6c3dcaaa992a0