5b1fd3d03b05c0961381968f118131f14d2134ce03a40be7b704e514407a364c | Triage

Sharing

General

Target

TeamViewerQS_x64.exe
Size

31.0MB
Sample

240725-rwallswhka
MD5

913740fa42ac5460adc40b51d50539b4
SHA1

4c4dbf2e1b6b0c80e8e98af065e4724717dd304f
SHA256

5b1fd3d03b05c0961381968f118131f14d2134ce03a40be7b704e514407a364c
SHA512

47386438efe44e1d9d1a5ea8d7a8acb7ee806c27454b0fc50dbaeaeef03734968c073f5305fc257cc97914e5dd8f9e290adf1ea25b6a11d7c22856104ab7b4f2
SSDEEP

786432:9vviy5auaza4cXWDTDNIOSKGlPxysiuA1gXRHQ2:plaOW7AzlJlDGY

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  TeamViewerQS_x64.exe
- Size
  
  31.0MB
- MD5
  
  913740fa42ac5460adc40b51d50539b4
- SHA1
  
  4c4dbf2e1b6b0c80e8e98af065e4724717dd304f
- SHA256
  
  5b1fd3d03b05c0961381968f118131f14d2134ce03a40be7b704e514407a364c
- SHA512
  
  47386438efe44e1d9d1a5ea8d7a8acb7ee806c27454b0fc50dbaeaeef03734968c073f5305fc257cc97914e5dd8f9e290adf1ea25b6a11d7c22856104ab7b4f2
- SSDEEP
  
  786432:9vviy5auaza4cXWDTDNIOSKGlPxysiuA1gXRHQ2:plaOW7AzlJlDGY
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryspywarestealer