bfbbd79f65db74b8b0d3496df01f3e3cb86ef5db785db4cea9ac4867e3f7ef2c

Resubmissions

23/08/2024, 09:01

240823-kyxqlavfjf 10

28/07/2024, 15:31

240728-syf2va1djm 10

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe
Size

1.7MB
MD5

4640faeafa95ce219c649e9f5cbffd75
SHA1

19dd0e5c193e679825066ea9faa8c283a3d62cdd
SHA256

5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d
SHA512

23e9c70521be23aeb74da4711149e6a61d678713dbfd6de7a5f835bd2931ad227a8988ab66d6a44d1b7f83b8e8cea23fef0f6ed4c2c3399b214bd812dfc998cb
SSDEEP

49152:ROG8g1q+0zLvddLpmLM1vkRG6PDaChedUaq4UL:Mzdg

Score

10^/10

credential_access discovery spyware stealer

Malware Config

Signatures

DeerStealer 1 IoCs

Detects DeerStealer malware - JaffaCakes118.

stealer

resource	yara_rule
behavioral2/memory/1124-2-0x00007FF6E30E0000-0x00007FF6E32F6000-memory.dmp	DeerStealer

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1124	5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe
1124	5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe

C:\Users\Admin\AppData\Local\Temp\5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe
"C:\Users\Admin\AppData\Local\Temp\5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1124-0-0x00007FF9D948D000-0x00007FF9D948E000-memory.dmp

Filesize
4KB

Download
memory/1124-2-0x00007FF6E30E0000-0x00007FF6E32F6000-memory.dmp

Filesize
2.1MB

Download