General

  • Target: docs.zip
  • Size: 2.2MB
  • Sample: 240704-n1tcqsyeja
  • MD5: 71e0c72e6b4247b96da6b53e41027e60
  • SHA1: 338b6053d88aa08a633a1767955293ea6baaa1ca
  • SHA256: 64e87032c830ebab767e08f466665da630b1f2cb0c6b79be0bb0aa44b7bfd555
  • SHA512: 1fe7c71dff4f09ab3f2f92418cdb139379b88dad40c2525c802ad0914e7e461e28e962ac65f3de5b5993d7838bfe6c0c21ef76983458b66d9131baea3e31c8e6
  • SSDEEP: 49152:GP3M4uWQIQNTWMrqEeSDHT9nHUFIn51/xdXajzzNtscawCu+XxyohAf8q:GIXEMrTHhU4515EHzNtsUX1P

Malware Config

Extracted

Family: metastealer

C2


Attributes
  • dga_seed: 21845
  • domain_length: 16
  • num_dga_domains: 10000
  • port: 443

Targets

    • Target: docs.zip (the submitted archive; size and hashes as listed under General above)
    Score: 1/10
    • Target: __MACOSX/docs/._.DS_Store
      (byte-identical copies also at __MACOSX/docs/[SYSTEM]/$Extend/$RmMetadata/._.DS_Store, __MACOSX/docs/[SYSTEM]/$Extend/._.DS_Store and __MACOSX/docs/[SYSTEM]/._.DS_Store; each scored 3/10)
    • Size: 120B
    • MD5: b9a94cc8f4aac450fb21641eaf065c6d
    • SHA1: 0bed7e90c2bade9763fa18f1fb4441d31f91c87c
    • SHA256: 2f380f4a3d05a8d90c2106f50da75064e9ce57a598599dc5404f8f69a0223aa9
    • SHA512: f1e82573db1da08be076ab30e7d8cff350e15d06765e1bb74e313cf5f93e1df6921893a3589df51e6b18538c21a9df6d3f23fead170e9b3c02993f5b5d4a2f4d
    Score: 3/10
    • Target: docs/$RECYCLE.BIN/S-1-5-21-3906747542-1253890818-3570446626-1001/desktop.ini
    • Size: 129B
    • MD5: a526b9e7c716b3489d8cc062fbce4005
    • SHA1: 2df502a944ff721241be20a9e449d2acd07e0312
    • SHA256: e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
    • SHA512: d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88
    Score: 1/10
    • Target: docs/.DS_Store
    • Size: 6KB
    • MD5: 4d649b16340219c4a60e3727261307cc
    • SHA1: fbeea5d43113f0fc2472802b851b249e943e35c6
    • SHA256: 24296f732cc6696273cd6b23a3e27a32932836993d917bfd6f843b525d3b613f
    • SHA512: 94ee5502d514090af45e7e3f5794ee33e09ef2421b5da969a626e9fc18472aa96e729ff07d4ce97613696209d62fd3e42984917f922c80c92a6eed6df15bfc33
    • SSDEEP: 12:Qi11luVsOzOl639EEX/HnXw6XAERqXw6X:f11luV1zOcdfnVMV
    Score: 3/10
    • Target: docs/System Volume Information/WPSettings.dat
    • Size: 12B
    • MD5: a25e7defe7e872600f4ac21aa7d744d4
    • SHA1: 9e790c476fd15ef46295ad69e818fc0a1fcd6e61
    • SHA256: f29afe23a22ca6e995e77dcc2c9b9d914ef3d5e36656a972fda6e91271942da8
    • SHA512: 4bc8129d8239762ed31868df02b6bbc95ffceac0db9d24c3846b0dbc0558b613f7eec9e1583bd61707c149d4e354eb2b7290d4bb15855186cfd3cbfe9318903f
    Score: 3/10
    • Target: docs/Untitled_June_06_25_2024_export.pdf.pif
    • Size: 801KB
    • MD5: 41dcc29d7eaba7b84fd54323394712af
    • SHA1: ddc0100723cc2dc9ae8b02a0cb7fe4a86c02d54b
    • SHA256: a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a
    • SHA512: 5a3e8c1eda558e0b90470d752490bc4d04610f93e453cbfd9013a363cfdf5e607974d526c49efe2ef0440e241d775b66bd7c48c74ee9e8677a37cdedc30c42ee
    • SSDEEP: 6144:xmbuKA33X1rgMuu+xdaXkW+zF6m8XZPELSrPzA:x6XA33X1rTuuyrVZ6m8XGH

    Signatures
    • Meta Stealer
      Meta Stealer, written in C++, steals passwords stored in browsers.
    • MetaStealer payload
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
    • Modifies file permissions
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

    • Target: docs/[SYSTEM]/$AttrDef
    • Size: 2KB
    • MD5: ad617ac3906958de35eacc3d90d31043
    • SHA1: b49d7f48300701235231f6b6fc3d92a5630f9e70
    • SHA256: d7de5b1b2f79f45f235ceb1adbc46908ed64eae174eb90ed66aefe5f25165da3
    • SHA512: b22960fb5de6bb0935df0c793e8a6114e470a66e97185f7fec531214a5f264b62ab93d624104805e415129816625c07885dfaedc5d4ddb9deab3982c57ef9304
    Score: 1/10
    • Target: docs/[SYSTEM]/$Bitmap
    • Size: 576B
    • MD5: b2643bbfd20a9abd784b601be55d9c7d
    • SHA1: 0f6edc4fbee9d000c4f4891d56919ed0cc842b2c
    • SHA256: 0ee24a237e456fed514c61fe1ac4f38c4c90c42e2757a5feff6985dd8e6c09c2
    • SHA512: 1b99d0d38efb97104d2c0ebdac3a49941f554dbe27c1abf7e8c4d1aafedda5391c2267ae7d7df6ca20d1693adce420f7b3198f2e5fc03edfb12d8609b7875199
    Score: 1/10
    • Target: docs/[SYSTEM]/$Boot
    • Size: 8KB
    • MD5: 83b232a9da59195661b7d6c004003ab9
    • SHA1: f62ea55b8fa590dc7d3727e71b29b8320e197cab
    • SHA256: e914f32d7ee1a0d57b1a4b8113c3231c06e710720a1aaa704c1b425cc0e85ea3
    • SHA512: 2e3f0d1b621477f31c42e9bb72f32474704a8c1fa048b6530870a5b913b531435557af1095a247ac0a10af2ed5b1ec72fb9c5e91c40ce1b54cfa9ff1aec234ef
    • SSDEEP: 96:vnaNcdCmGUyH52j0V6nPt4ihC/U8remKrQUqjfyJB7y4AIwVoou:C2d/5yHEj3Pt4ihCvresUDBm4lwV
    Score: 1/10
    • Target: docs/[SYSTEM]/$Extend/$RmMetadata/$Repair:$Config
    • Size: 8B
    • MD5: ab981967d9f545695c396db3787f8a49
    • SHA1: 2497adcb05fe54ad8a55c8fd2c145951ea039237
    • SHA256: 30656bde983020b4a04d4fb8027463ad8cd15d89d4b953f961654b1d6579b9b9
    • SHA512: 53d0952e30e4ba030413265d668693323f45df81d586e55f0b62cd65533162db448762167c697bdbb6d6ebaee088699b411d088267bfae930d7f71228f231b13
    Score: 1/10
    • Target: docs/[SYSTEM]/$Extend/$RmMetadata/$TxfLog/$Tops
    • Size: 100B
    • MD5: b0ab52cd0e1beeb3cf739b95c573a7b2
    • SHA1: 21142109d6c2bb3e9852868c847f6c1a97a44377
    • SHA256: ad4652661493022bc390a34984eaf29e50d063fbe1f63010ec63d7b5b2764573
    • SHA512: 3d7276c87f288ee35a863e3a1881427002ac347a7d7c99f20b6d7b3cde6d54a807d75ca721ebc7678a1e07d3360557fa7d4d6395ce7c9e98d1c4c3bc81e7e9ab
    Score: 1/10
    • Target: docs/[SYSTEM]/$Extend/$RmMetadata/$TxfLog/$Tops:$T
    • Size: 1024KB
    • MD5: b6d81b360a5672d80c27430f39153e2c
    • SHA1: 3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3
    • SHA256: 30e14955ebf1352266dc2ff8067e68104607e750abb9d3b36582b8af909fcb58
    • SHA512: d6292685b380e338e025b3415a90fe8f9d39a46e7bdba8cb78c50a338cefca741f69e4e46411c32de1afdedfb268e579a51f81ff85e56f55b0ee7c33fe8c25c9
    • SSDEEP: 3::
    Score: 1/10
    • Target: docs/[SYSTEM]/$Extend/$RmMetadata/$TxfLog/$TxfLog.blf
    • Size: 64KB
    • MD5: 0992aafb37934cb15072440c1c58f95e
    • SHA1: 75b402afd31377f594b942f3c40d7c70fed3a089
    • SHA256: bd855ef3735f8cdfdb7c0948b5c8d163ab913f6b7c533ce1c566b9a5e8576cd9
    • SHA512: ef25466b8894f32a251814bb7a503a4dff29e3444f022e8c0abcba1e886b6963b2eab0413b2ef2551a95baf07591bfb7459c7546ff7e51a8e69b9bcc889d954f
    • SSDEEP: 24:pTtE2xXCtaLZtkDlfkFYWJSWEkAvzCkaLZtkDlfkFYWJSWEkmgi:0sLZt4lf4Y0SFmnLZt4lf4Y0SFt
    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

static1: 3/10
behavioral1: 1/10
behavioral2: 1/10
behavioral3: 3/10
behavioral4: 3/10
behavioral5: 3/10
behavioral6: 3/10
behavioral7: 3/10
behavioral8: 3/10
behavioral9: 3/10
behavioral10: 3/10
behavioral11: 1/10
behavioral12: 1/10
behavioral13: 3/10
behavioral14: 3/10
behavioral15: 3/10
behavioral16: 3/10
behavioral17: 10/10 (tags: metastealer, discovery, execution, spyware, stealer)
behavioral18: 10/10 (tags: metastealer, discovery, execution, spyware, stealer)
behavioral19: 1/10
behavioral20: 1/10
behavioral21: 1/10
behavioral22: 1/10
behavioral23: 1/10
behavioral24: 1/10
behavioral25: 1/10
behavioral26: 1/10
behavioral27: 1/10
behavioral28: 1/10
behavioral29: 1/10
behavioral30: 1/10
behavioral31: 3/10
behavioral32: 3/10