Overview

overview

9

Static

static

3

ItroublveTSCV8.exe

windows7-x64

9

ItroublveTSCV8.exe

windows10-2004-x64

9

Resubmissions

02/08/2024, 22:44

240802-2nrv2atdlk 9

02/08/2024, 22:42

240802-2m3k5stdjk 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ItroublveTSCV8.exe

  • Size

    2.9MB

  • Sample

    240802-2nrv2atdlk

  • MD5

    04d9deab1ba92eecd071d6e47e360dd9

  • SHA1

    73ff84e18d53babcc61699501b0ebc68a1420661

  • SHA256

    030ea9a39d673500d2cdb7f5ba377aa57e535b7327d28a1d84763ca58b72684c

  • SHA512

    738e67e97f4a159e9c376ba458cfb908c9782325ca6d9ebb101a5135335fcb784e4fbe7123dd182b240896153dafeaccb2b165f4f4bf8b2a8ae0b5f21407756f

  • SSDEEP

    49152:/smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:pqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

Score
9/10
credential_accessdiscoveryspywarestealerupx

Malware Config

Targets

    • Target

      ItroublveTSCV8.exe

    • Size

      2.9MB

    • MD5

      04d9deab1ba92eecd071d6e47e360dd9

    • SHA1

      73ff84e18d53babcc61699501b0ebc68a1420661

    • SHA256

      030ea9a39d673500d2cdb7f5ba377aa57e535b7327d28a1d84763ca58b72684c

    • SHA512

      738e67e97f4a159e9c376ba458cfb908c9782325ca6d9ebb101a5135335fcb784e4fbe7123dd182b240896153dafeaccb2b165f4f4bf8b2a8ae0b5f21407756f

    • SSDEEP

      49152:/smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:pqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

    Score
    9/10
    credential_accessdiscoveryspywarestealerupx

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks