bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

General

Target

bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40
Size

8.0MB
Sample

240801-kwszmawhqg
MD5

7a9e91cd05bb23625354d0f46066904c
SHA1

7389f1881aba1c2ba3544321bd068bbf91dfa00a
SHA256

bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40
SHA512

cdcd8c13f582682279463afc1a6196b65e127a0cb344632f1c2222f8f64793ae8c19547758eda94ece0bc9526b6ed13e552c3f6c9dbc2c6f157e601cbbc95c65
SSDEEP

49152:BYyqyQ4SjTErF0JwHoLjhbi4zmkKm0W85GNLZLgKT/MNMNngOdTMnWAqkeKbr3kg:PgR2HoLtb

Score

8^/10

credential_access discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40.exe

Resource

win10v2004-20240730-en

credential_access discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40.exe

Resource

win11-20240730-en

credential_access discovery stealer

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40
- Size
  
  8.0MB
- MD5
  
  7a9e91cd05bb23625354d0f46066904c
- SHA1
  
  7389f1881aba1c2ba3544321bd068bbf91dfa00a
- SHA256
  
  bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40
- SHA512
  
  cdcd8c13f582682279463afc1a6196b65e127a0cb344632f1c2222f8f64793ae8c19547758eda94ece0bc9526b6ed13e552c3f6c9dbc2c6f157e601cbbc95c65
- SSDEEP
  
  49152:BYyqyQ4SjTErF0JwHoLjhbi4zmkKm0W85GNLZLgKT/MNMNngOdTMnWAqkeKbr3kg:PgR2HoLtb
Score

8^/10

credential_access discovery stealer
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverystealer

behavioral2

credential_accessdiscoverystealer

© 2018-2024

Terms | Privacy