4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

CS-malware.exe

windows7-x64

7

CS-malware.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

CS-malware.exe
Size

6.0MB
Sample

240722-j9hkdaxhpq
MD5

755c0350038daefb29b888b6f8739e81
SHA1

5b2f56953b3c925693386cae5974251479f03928
SHA256

4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3
SHA512

fede87ea708105ea3b44680f92b97881a32235614c741e7059d8ffe356b34cbcd0c57b11464cf33f4c15af46824c0c8e8e0ef5808b5251f3acbd3d783ee60add
SSDEEP

24576:RHA1jDC3rgrKPucdYUxVXshqWzHt0IBLzvavUXUjLzC:6NSwKPucuUxVX+zmvU4C

Score

8^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

CS-malware.exe

Resource

win7-20240708-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

CS-malware.exe

Resource

win10v2004-20240709-en

persistence spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  CS-malware.exe
- Size
  
  6.0MB
- MD5
  
  755c0350038daefb29b888b6f8739e81
- SHA1
  
  5b2f56953b3c925693386cae5974251479f03928
- SHA256
  
  4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3
- SHA512
  
  fede87ea708105ea3b44680f92b97881a32235614c741e7059d8ffe356b34cbcd0c57b11464cf33f4c15af46824c0c8e8e0ef5808b5251f3acbd3d783ee60add
- SSDEEP
  
  24576:RHA1jDC3rgrKPucdYUxVXshqWzHt0IBLzvavUXUjLzC:6NSwKPucuUxVX+zmvU4C
Score

8^/10

persistence spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealer

© 2018-2025

Terms | Privacy