Overview

overview

8

Static

static

3

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    b465e6a2e1aa28d1aba8f45b2a048f2d2dce3f99bbf0ee9c0a3fd7e3188a7b02

  • Size

    2.0MB

  • Sample

    240624-gelmfasaqr

  • MD5

    56eb8d3bbc5d084ba15da4a73ff3cf40

  • SHA1

    ceaba45979ac15a0c1942606aa0af4367fac41a9

  • SHA256

    b465e6a2e1aa28d1aba8f45b2a048f2d2dce3f99bbf0ee9c0a3fd7e3188a7b02

  • SHA512

    f444d94e2695b60e77e62f5cc3312868c2a8531a3c38c3ca451ad8ba3023ab80d860a833b945bc4238d9c0bdc70a8ac61e1352195233bdc7af86602e377d0953

  • SSDEEP

    49152:vNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkW:FEhFvqXjbqoJQCs

Score
8/10
spywarestealer

Malware Config

Targets

    • Target

      b465e6a2e1aa28d1aba8f45b2a048f2d2dce3f99bbf0ee9c0a3fd7e3188a7b02

    • Size

      2.0MB

    • MD5

      56eb8d3bbc5d084ba15da4a73ff3cf40

    • SHA1

      ceaba45979ac15a0c1942606aa0af4367fac41a9

    • SHA256

      b465e6a2e1aa28d1aba8f45b2a048f2d2dce3f99bbf0ee9c0a3fd7e3188a7b02

    • SHA512

      f444d94e2695b60e77e62f5cc3312868c2a8531a3c38c3ca451ad8ba3023ab80d860a833b945bc4238d9c0bdc70a8ac61e1352195233bdc7af86602e377d0953

    • SSDEEP

      49152:vNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkW:FEhFvqXjbqoJQCs

    Score
    8/10
    spywarestealer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks