General

  • Target

    Atdz56x_.exe

  • Size

    18.2MB

  • Sample

    240723-ll52waygkf

  • MD5

    87dc28ce17e9e69c6e2f954b88ca4897

  • SHA1

    cd124f66fb1ca51eb79eb5bf4718535088d443fe

  • SHA256

    3a99ad94e213f2d4b46960a91de015ed02b8d4568c0e8ad58aa8f64bf6c7cbb2

  • SHA512

    11d4cd207347e1afc52492e9e2c610b12b3ab66ff84441bd624c0b3d31d9e59df3887e8611ef1aadb6a95dbb9aaa18c7016bd1de0f689ceb216879117245221c

  • SSDEEP

    393216:p1bPmYRQK7+T80Uol39JaOB0MDTQ9SibTtJQl+B4OBhkxI:XbrRQRCWNQA0MDTziP0+B4mqS

Malware Config

Targets

    • Target

      Atdz56x_.exe

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks