Analysis
-
max time kernel
93s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-08-2024 15:34
General
-
Target
208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e.exe
-
Size
2.5MB
-
MD5
855764cbf6f0e6040cfa93a12f638b64
-
SHA1
9ed2f99039ac0cab2d3346219927100f469ab9fa
-
SHA256
208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e
-
SHA512
d02cbeafeab0635b14914f8439b52fbf96932c091eac43304a472fd11c265feb8c5680fd8de52d8bf178a07c1876a0758690c99864e5b2314aa932b204f131ae
-
SSDEEP
49152:jf51JoDG+evjXRGAsgO5BxJAsk1GNaNW/vffUYKcUl8uQc/4rai:B+95HJe1W/vffVKNl8uQcUZ
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
Processes
-
C:\Users\Admin\AppData\Local\Temp\208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e.exe"C:\Users\Admin\AppData\Local\Temp\208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e.exe"1⤵
- Checks computer location settings