General

  • Target

    0d203b59d4eee5ecce9a6a93a93471baa5d5e77080c7ad6844fd5e1247a6c338

  • Size

    1.5MB

  • Sample

    240627-xcrcxavcla

  • MD5

    a764db623711ed409214c62a8ae2db3f

  • SHA1

    55a418e8dd319026258ff7df9172e7c1f311c5a5

  • SHA256

    0d203b59d4eee5ecce9a6a93a93471baa5d5e77080c7ad6844fd5e1247a6c338

  • SHA512

    67452dbe45650c8846d02fdb030dd88f43b984318d4d3d4773579bb34bf2df90b181b33afc2fa5e27742820232520de1b980ab4dcd8f41843f18c06d995a3780

  • SSDEEP

    49152:h1MEuM7zz6gT4tazKxU4jAoMNc6BDmOigrj:fluM7/4tazKa9oac6BDrX

Malware Config

Targets

    • Target

      0d203b59d4eee5ecce9a6a93a93471baa5d5e77080c7ad6844fd5e1247a6c338

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks