Overview

overview

10

Static

static

10

7ffafbe5e5...38.exe

windows7-x64

9

7ffafbe5e5...38.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    7ffafbe5e54a723fd5dcfa7d05e2d0ab4b39edfd739b10857c46c3a8e3944138

  • Size

    1.0MB

  • Sample

    240624-26vpmszhlk

  • MD5

    266098a2821be8d7d95e6455ef6cfc14

  • SHA1

    be39d122618f3c2a69502fff0d7e1ebc6bbdd5b9

  • SHA256

    7ffafbe5e54a723fd5dcfa7d05e2d0ab4b39edfd739b10857c46c3a8e3944138

  • SHA512

    6e731779457232a8cc31f0bb5fc3aba7f27c7f7871d8273b6b826ae6f9d4e9bc51aca88c7f4ecce64bc5d24ef908c0e4bf691abfa507cdbdd463df882ff6af0f

  • SSDEEP

    24576:sWZGv97FiNI8N6cQ5kTp4o0ZYIW8aYrWr3s2:BZWBcXNAkuOlBDs2

Score
10/10
persistencespywarestealer

Malware Config

Targets

    • Target

      7ffafbe5e54a723fd5dcfa7d05e2d0ab4b39edfd739b10857c46c3a8e3944138

    • Size

      1.0MB

    • MD5

      266098a2821be8d7d95e6455ef6cfc14

    • SHA1

      be39d122618f3c2a69502fff0d7e1ebc6bbdd5b9

    • SHA256

      7ffafbe5e54a723fd5dcfa7d05e2d0ab4b39edfd739b10857c46c3a8e3944138

    • SHA512

      6e731779457232a8cc31f0bb5fc3aba7f27c7f7871d8273b6b826ae6f9d4e9bc51aca88c7f4ecce64bc5d24ef908c0e4bf691abfa507cdbdd463df882ff6af0f

    • SSDEEP

      24576:sWZGv97FiNI8N6cQ5kTp4o0ZYIW8aYrWr3s2:BZWBcXNAkuOlBDs2

    Score
    9/10
    persistencespywarestealer

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks