e75a8a541aeb8df44cb7904829518dbc08675f9a2f58f0c5f88e130ca67b6a9e | Triage

Submit
Reports

Overview

overview

7

Static

static

3

twstealer-main.zip

windows10-1703-x64

7

Resubmissions

04-07-2024 15:32

240704-syl8vs1ard 7

04-07-2024 15:27

240704-sv6hbs1apd 10

Sharing

General

Target

twstealer-main.zip
Size

12.8MB
Sample

240704-syl8vs1ard
MD5

41ac7f3a38f52082b8a95a927eeb39af
SHA1

348b3bae32b300d06fa53c4bffd43556d5998f6a
SHA256

e75a8a541aeb8df44cb7904829518dbc08675f9a2f58f0c5f88e130ca67b6a9e
SHA512

8b953613760aa44d1a0ef712117470808f39e174520579a28190ede0d34b95b37e10a12e476bef8395d7af6bb054468b9c23bf4192baa2ac86f2645d41b389df
SSDEEP

393216:s55+jreXFp9OHaumUZeL4AqK5HMBRBzXbmE6XTytYw6Bm:m5kqzOHaumyeL4D80aEoytYPm

Score

7^/10

discovery persistence privilege_escalation pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

twstealer-main.zip

Resource

win10-20240404-en

discovery persistence privilege_escalation

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  twstealer-main.zip
- Size
  
  12.8MB
- MD5
  
  41ac7f3a38f52082b8a95a927eeb39af
- SHA1
  
  348b3bae32b300d06fa53c4bffd43556d5998f6a
- SHA256
  
  e75a8a541aeb8df44cb7904829518dbc08675f9a2f58f0c5f88e130ca67b6a9e
- SHA512
  
  8b953613760aa44d1a0ef712117470808f39e174520579a28190ede0d34b95b37e10a12e476bef8395d7af6bb054468b9c23bf4192baa2ac86f2645d41b389df
- SSDEEP
  
  393216:s55+jreXFp9OHaumUZeL4AqK5HMBRBzXbmE6XTytYw6Bm:m5kqzOHaumyeL4D80aEoytYPm
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy