40c999efbed082c775fcf5c2e63dd221ba9d1559a7649ae3c98ada7184fac5a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SilentOptimizer (1).rar
Size

16.2MB
Sample

240719-lfe89sxdqa
MD5

5f7f88e1f0f1e80743963fffafd1f3d7
SHA1

34ecc089323f5a48c4ded6ceed095efe01b832e5
SHA256

40c999efbed082c775fcf5c2e63dd221ba9d1559a7649ae3c98ada7184fac5a8
SHA512

26ac7a379a757c95362700338f9c4d5782bd898136e3f17f94e6b84b318922c81c950cf8dc449e0b7e081821a9ac76fa62716c193ea87fc9f168cf4b8fade441
SSDEEP

393216:8J8oHbVM1/hAWEeL50R5/or6OIds3mb1K5shuJ2Uyd/v/E5Ok4NlO:8/HbsEsYWs1luYjd/Pk4LO

Score

8^/10

defense_evasion execution persistence spyware stealer

Malware Config

Targets

- Target
  
  Silent Optimizer.exe
- Size
  
  37.6MB
- MD5
  
  c7cbc7e63800c94a24fbbf8d30772429
- SHA1
  
  f1b0cf8085359450b62902d9e8ef96596b5db4ae
- SHA256
  
  aca8fd0fe5ebea04cfd3fa3e4526bea40add68671e1a708637bc393fef4b483b
- SHA512
  
  4e32ac11b2f9af9ba866c89b3a686645dc9fb59ab88f6fac4f55846e7a6f01f2cfcbd879f7ab5645f6bd95b98c29c266e771686468f82db911fd9467afcc29b9
- SSDEEP
  
  786432:R3on1HvSzxAMNUFZArYsjiWPv0x7OZbEhN:RYn1HvSpNUXmjn4vhN
Score

8^/10

defense_evasion execution persistence spyware stealer
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Window

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionexecutionpersistencespywarestealer