4970bd280da663f483f927f3a6c47833ebcbfe2b640ee66a309b41c7ed084375

Resubmissions

03-07-2024 12:58

240703-p71aaswgqe 7

03-07-2024 12:54

240703-p5pe1swfja 7

Analysis

max time kernel
46s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4970bd280da663f483f927f3a6c47833ebcbfe2b640ee66a309b41c7ed084375.exe
Size

3.8MB
MD5

34d51ed7e14a94b309ce15b5b348253a
SHA1

c7f90fa2093d9d39374c5dc2435a9744c23ea80c
SHA256

4970bd280da663f483f927f3a6c47833ebcbfe2b640ee66a309b41c7ed084375
SHA512

420b702f20e77fd3fa0189006a25a32e8fe817aa52f6e39d9969eedac15920880811da3b704024fb654cb85d736ca2aa73dfa21e58c18b822fde57596794fb3e
SSDEEP

49152:XUxJVpqxVCD+RJzLevpNWG7keMyn443d2mG7lD8IKXU+pqcbs6b1BDYfkgi9BvJl:FWDj7v8PI4cgyNrCgri

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ifconfig.me

C:\Users\Admin\AppData\Local\Temp\4970bd280da663f483f927f3a6c47833ebcbfe2b640ee66a309b41c7ed084375.exe
"C:\Users\Admin\AppData\Local\Temp\4970bd280da663f483f927f3a6c47833ebcbfe2b640ee66a309b41c7ed084375.exe"
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wintemp.atNhe7QoVTRz\Local State

Filesize
8KB

MD5
bde0d1b4db1f65866fd7a2a969c9846b

SHA1
e0d29a320ba6a0b237d1a57c2db63c8666fc6515

SHA256
4dabf0d0c02c26635f9a584d7a7e038af084c158bbf65ee88b4e1c03f704d8be

SHA512
9417bf0404eeb8f4c9ce7fe2cb4f6acabc21c297bc262966dbf661c54979dd996c1f5326279c0b622fa78d5025b58aae8664be281427fe2e58a6e9c191eb49bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wintemp.yoAyNROmOuM2\Local State

Filesize
257KB

MD5
0bc3e550393c09e097f5d903e4efde90

SHA1
c7bcb1b3c3de78d3ee2917d62740a1413d255a15

SHA256
3541df035c631826fa1369830d51a243033f6566ae684b84718911972ce01bca

SHA512
3a9c69e693c96f9f1a226dd59a3a921be1525554d3f7797d9f92a7655f3738fe6481f173d0cd6b18c63b35532927be40a6643416138425f00da21540f6ca7542

Download Submit
memory/4344-30-0x00007FF603EA0000-0x00007FF604269000-memory.dmp

Filesize
3.8MB

Download
memory/4344-31-0x00007FF603EA0000-0x00007FF604269000-memory.dmp

Filesize
3.8MB

Download