Overview

overview

9

Static

static

3

697e1a2415...0f.exe

windows7-x64

9

697e1a2415...0f.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    697e1a2415a2108a52fda92ea569fb8f072608561ae49817cb7e283460dbdb0f

  • Size

    3.1MB

  • Sample

    240723-2g86qssfjl

  • MD5

    37488e85bfd3e9293891b0d8822872c4

  • SHA1

    4ab45cf65662f0d4db2913b64f8ed3b3db466b7f

  • SHA256

    697e1a2415a2108a52fda92ea569fb8f072608561ae49817cb7e283460dbdb0f

  • SHA512

    a5d598205a83a1f55dfdce96321093f73e16fd8b031b0d45673c5951c666109c48e43a01ea51092eadf339c66b8375fb40e83ffce71fcfe317272d53bde390bc

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LByB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUphbVz8eLFc

Score
9/10
credential_accessdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      697e1a2415a2108a52fda92ea569fb8f072608561ae49817cb7e283460dbdb0f

    • Size

      3.1MB

    • MD5

      37488e85bfd3e9293891b0d8822872c4

    • SHA1

      4ab45cf65662f0d4db2913b64f8ed3b3db466b7f

    • SHA256

      697e1a2415a2108a52fda92ea569fb8f072608561ae49817cb7e283460dbdb0f

    • SHA512

      a5d598205a83a1f55dfdce96321093f73e16fd8b031b0d45673c5951c666109c48e43a01ea51092eadf339c66b8375fb40e83ffce71fcfe317272d53bde390bc

    • SSDEEP

      49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LByB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUphbVz8eLFc

    Score
    9/10
    credential_accessdiscoverypersistencespywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks