Resubmissions

03/08/2024, 03:06

240803-dlrkgswcma 9

03/08/2024, 03:02

240803-djyk1s1dmm 9

General

  • Target: test.exe
  • Size: 50.0MB
  • Sample: 240803-djyk1s1dmm
  • MD5: 0d645a60feee5eae5fa567c93738788d
  • SHA1: 60500686e0f883f8d642bb1e17c2abb0d6ea1be2
  • SHA256: fdff48ad5f4c4772a0f7d6798bbd0f4974d310dee3e1af87e29616ed84e00b33
  • SHA512: bef8c521396b70b235d9944348c364b8dbecf5f4d1206f9396c76b76da38d26aa6005b205bfda268bd7da129e4d9c5a95d6c8652cc27f9e46cb5bddece3fa934
  • SSDEEP: 1572864:3nvribzxq/MdIoY3Qxb+4Mx1vipv6QwIp:3vriba3QBqV8wI

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks