Overview

overview

10

Static

static

10

sysEXEC/deter.dll

windows10-1703-x64

1

sysEXEC/quickDrop.dll

windows10-1703-x64

1

sysEXEC/sysEXEC.exe

windows10-1703-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sysEXEC.zip

  • Size

    18.8MB

  • Sample

    240620-gye9rsxfjm

  • MD5

    337a3ecd26b0e8df897027abb0b9e5f0

  • SHA1

    d046f684cd33be96d5b68ec0720f56e67f804133

  • SHA256

    7a1eea1311b50e7bc80a2aeb77c772a26d275e9cede456dac7b27fadc81e3607

  • SHA512

    3e3a25662012cc71969cef1841d134d6793ed9ea8a22b7a51ce230ec0662bc6304533eafb489240dd0e1b7ae4ae9d96f709b22e04325e5a2df05af7751f7584a

  • SSDEEP

    393216:7oZJFDY1RYWSvjEXhxeNM9Ux02oiQXWns/DCOcz:7oZJq1RYWSbEXhxeNMOxNobXtbCOcz

Score
10/10
crealstealerpyinstallerspywarestealer

Malware Config

Targets

    • Target

      sysEXEC/deter.dll

    • Size

      2.4MB

    • MD5

      e0035f1415ad57390e035a1924e66699

    • SHA1

      aea268dd8cde0f81847b5faf31914e5def3e3905

    • SHA256

      77f70788f86eb2118c62505b12857fc9ecec67ddda00c9ae763e30f4d2001973

    • SHA512

      dae404a831f3acb504210aecf24838ee4a86f46ff389c090dce85d7f3dcd23395cd4f475143b619b142319e0b610a063d07ab51a26aa3a5b08d48e41112e6a53

    • SSDEEP

      49152:fQB8FXngzuLOerj6QSKFsZ+5xtRvBZmYxx3zpWSkdP1uYMOD6Gy2MS:fQB8lgzu9f6QSKFnBp/P9xs1uYMy6dy

    Score
    1/10
    behavioral1

    • Target

      sysEXEC/quickDrop.dll

    • Size

      2.0MB

    • MD5

      0911c00b81b90ea126d46a1bd5c2933f

    • SHA1

      bf59ae80d8b72ad1d805ee806803d932bb02044a

    • SHA256

      dafbdacac1b68e0d615bd5d6550a472800e37f1c8cbda9064c61cefb4c29435d

    • SHA512

      43442e93725024c0b98c6d958f995830436adb676ab1d6b12e9fbf9b6bf78dc02b9ce7ddeef957b61105440349b1b7d88c8db4951ad344796b891d2baf113bf9

    • SSDEEP

      24576:AqTkBkEU283mDQYaL/el5XOgE3LWC1MsDvHKuzPgqf/r4MOKbcQzKhkziZ68EbaN:lmkE6Wgel5XGZvRPLNO5QzK3g8EehHik

    Score
    1/10
    behavioral2

    • Target

      sysEXEC/sysEXEC.exe

    • Size

      14.5MB

    • MD5

      ffd7667734dd00d965d53652f5d79cf2

    • SHA1

      8b2a829f441f3994251a7c0c4df1e0d84e310fd1

    • SHA256

      521a5689f95a3e059413c34b727b4e13d104303beed4163a7c21219541525d72

    • SHA512

      aaa88a9449414a61e0544b9402f5145cc94b75a3eb07dc110b2d1919b2417415e75821fcf3ecc13dd821c0ded7d25c33bca83a5d219656b355071b5bf9b5b42a

    • SSDEEP

      196608:sSEkv0sKYu/PaQ+DuhflMXdQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJ+E39j/l5:7EkZQ0dQuslSq99oWOv+9fg+EH3Pgm3

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks