General

  • Target

    4288099e519c8f2a934f16451ab4bf90N.exe

  • Size

    3.6MB

  • Sample

    240726-xgqbea1cpa

  • MD5

    4288099e519c8f2a934f16451ab4bf90

  • SHA1

    4181c77cba15c632b3bc91e21bf0a1269ed04c93

  • SHA256

    c25d8a79da675b82a212a7271e7ed16033cc38c42b34d6170a4f89ab5e448d4d

  • SHA512

    09471d93355b8edf696624cb297fc826195b8b638a6286af6acf4dca284205dca113830bd7523fc7715a3e4f8e6194fefc69f952771a1ae51e1f00b532aa5a84

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBpB/bSqz8:sxX7QnxrloE5dpUpmbVz8

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks