Overview

overview

9

Static

static

1

sample.html

windows10-1703-x64

9

Resubmissions

03/08/2024, 04:34

240803-e66qksyang 5

03/08/2024, 04:32

240803-e6d1katcjm 3

03/08/2024, 04:20

240803-eyebcstamj 9

03/08/2024, 04:17

240803-ewcpraxfqb 7

Sharing

Copy URL Twitter E-mail

General

  • Target

    sample

  • Size

    13KB

  • Sample

    240803-eyebcstamj

  • MD5

    0399d4c80f1ca63f52f0e6453b8c292f

  • SHA1

    2e521bdc0d1141ea25ac2bf436543d44abbc4e97

  • SHA256

    c1c54e49305dd5fbdbd54b934e6089193059b27a2a9fd15a8bf37800db42da2b

  • SHA512

    9afcb7ea30d173ef899fc23250ad7cc3f0a72ce33d41cbd9ebf3807182e8d410a81791d2ea96fdc043010b5901658543652f46dfaf2e1fa1b14c54c4d3a9e52e

  • SSDEEP

    192:+33x3PU3PvKPl3PR5KYUXmY7J7bBSagVSO3Pq:63x3PU3PSPl3PWYmmY7ZyZ3Pq

Score
9/10
credential_accessdiscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      sample

    • Size

      13KB

    • MD5

      0399d4c80f1ca63f52f0e6453b8c292f

    • SHA1

      2e521bdc0d1141ea25ac2bf436543d44abbc4e97

    • SHA256

      c1c54e49305dd5fbdbd54b934e6089193059b27a2a9fd15a8bf37800db42da2b

    • SHA512

      9afcb7ea30d173ef899fc23250ad7cc3f0a72ce33d41cbd9ebf3807182e8d410a81791d2ea96fdc043010b5901658543652f46dfaf2e1fa1b14c54c4d3a9e52e

    • SSDEEP

      192:+33x3PU3PvKPl3PR5KYUXmY7J7bBSagVSO3Pq:63x3PU3PSPl3PWYmmY7ZyZ3Pq

    Score
    9/10
    credential_accessdiscoveryexecutionspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks