Overview

overview

8

Static

static

3

2e11a10776...59.exe

windows7-x64

8

2e11a10776...59.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    2e11a107763e5114f853c569682a4d801a9cf3613702526ab5384fa107d42b59

  • Size

    200KB

  • Sample

    240619-ywwmeatfpn

  • MD5

    ed911a5e84f389033d7fce33d1259d19

  • SHA1

    451e8f641b08bf2b4c200a7cd25958c6e35a139e

  • SHA256

    2e11a107763e5114f853c569682a4d801a9cf3613702526ab5384fa107d42b59

  • SHA512

    94d6288d6071a75891b77a29492d4077848c616c70b70fd0e74b6b6032b23b03bb3a65ce507563ce503204dd20d3d6b687aae140b3919c3ba91df46d941b9f1d

  • SSDEEP

    3072:o2EK86cjwLvASBLVVV2etw2TIrvygHuZ4LEMwQmBa6nn5xu0:8cL4SBLVVV252kbygu5pn/

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      2e11a107763e5114f853c569682a4d801a9cf3613702526ab5384fa107d42b59

    • Size

      200KB

    • MD5

      ed911a5e84f389033d7fce33d1259d19

    • SHA1

      451e8f641b08bf2b4c200a7cd25958c6e35a139e

    • SHA256

      2e11a107763e5114f853c569682a4d801a9cf3613702526ab5384fa107d42b59

    • SHA512

      94d6288d6071a75891b77a29492d4077848c616c70b70fd0e74b6b6032b23b03bb3a65ce507563ce503204dd20d3d6b687aae140b3919c3ba91df46d941b9f1d

    • SSDEEP

      3072:o2EK86cjwLvASBLVVV2etw2TIrvygHuZ4LEMwQmBa6nn5xu0:8cL4SBLVVV252kbygu5pn/

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalationspywarestealerexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks