1662fec4579cc5ed93d9a9c9545706bfd65124ced8c1d5412979cede486800b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OperaGXSetup.exe
Size

3.1MB
Sample

240704-p7v1kszalc
MD5

18eb11b6fd9619430d67e2c3c1216276
SHA1

ff2c4f2ea1271b430c216159649e4af6a9cce22a
SHA256

1662fec4579cc5ed93d9a9c9545706bfd65124ced8c1d5412979cede486800b5
SHA512

e09fab30c356de3bf5bccbae257336988aca6a17c165135bc985da6448f6c7a3cad2ecbf8c7ae5959e7e561bb1c441e26896a0100f23a3ac078c09ba960d526f
SSDEEP

49152:mNEyYQPMB2nYlQWY9p/RxOgkDA5/uzsKFuaLU0kOyrRBzfMUNYpoMjw4:sEsY213Rx+87aLU0kPElJ

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  OperaGXSetup.exe
- Size
  
  3.1MB
- MD5
  
  18eb11b6fd9619430d67e2c3c1216276
- SHA1
  
  ff2c4f2ea1271b430c216159649e4af6a9cce22a
- SHA256
  
  1662fec4579cc5ed93d9a9c9545706bfd65124ced8c1d5412979cede486800b5
- SHA512
  
  e09fab30c356de3bf5bccbae257336988aca6a17c165135bc985da6448f6c7a3cad2ecbf8c7ae5959e7e561bb1c441e26896a0100f23a3ac078c09ba960d526f
- SSDEEP
  
  49152:mNEyYQPMB2nYlQWY9p/RxOgkDA5/uzsKFuaLU0kOyrRBzfMUNYpoMjw4:sEsY213Rx+87aLU0kPElJ
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1