Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-07-2024 12:27

General

  • Target
    SecuriteInfo.com.Python.Stealer.1548.11147.30861.exe
  • Size
    10.7MB
  • MD5
    6b1eb54b0153066ddbe5595a58e40536
  • SHA1
    adf81c3104e5d62853fa82c2bd9b0a5becb4589a
  • SHA256
    d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8
  • SHA512
    104faaa4085c9173274d4e0e468eaf75fb22c4cfe38226e4594e6aa0a1dcb148bde7e5e0756b664f14b680872d2476340ebd69fac883d8e99b20acfb5f5dbf04
  • SSDEEP
    196608:ys+j9q6y7PuZANM3FEAIVqUkzgPyzKM+1t02mY1q6vgC5xU7BlUdinrDRQF6f1:yNBly7PumMtgqUTKt2mYtvggGBa4nr1h

Score
10/10

Malware Config

Signatures

  • Detects Monster Stealer. 2 IoCs
  • Monster

    Monster is a Golang stealer that was discovered in 2024.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Python.Stealer.1548.11147.30861.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Python.Stealer.1548.11147.30861.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\onefile_1708_133649152825146000\stub.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Python.Stealer.1548.11147.30861.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2672

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_1708_133649152825146000\python310.dll
    Filesize
    4.3MB
    MD5
    c80b5cb43e5fe7948c3562c1fff1254e
    SHA1
    f73cb1fb9445c96ecd56b984a1822e502e71ab9d
    SHA256
    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20
    SHA512
    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

  • \Users\Admin\AppData\Local\Temp\onefile_1708_133649152825146000\stub.exe
    Filesize
    18.0MB
    MD5
    f0587004f479243c18d0ccff0665d7f6
    SHA1
    b3014badadfffdd6be2931a77a9df4673750fee7
    SHA256
    8ce148c264ce50e64ab866e34759de81b816a3f54b21c3426513bed3f239649a
    SHA512
    6dedaa729ee93520907ce46054f0573fb887ac0890bea9d1d22382e9d05f8c14a8c151fe2061a0ec1dae791b13752e0fbc00ccc85838caa7524edba35d469434

  • memory/1708-75-0x000000013F780000-0x0000000140258000-memory.dmp
    Filesize
    10.8MB

  • memory/2672-40-0x000000013F4E0000-0x000000014071E000-memory.dmp
    Filesize
    18.2MB
