f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

MuMuInstal...05.exe

windows11-21h2-x64

7

Sharing

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Size

5.3MB
Sample

240807-ts598atgnb
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

7^/10

defense_evasion discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe

Resource

win11-20240802-en

defense_evasion discovery spyware stealer

windows11-21h2-x64

36 signatures

150 seconds

Malware Config

Targets

- Target
  
  MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
- Size
  
  5.3MB
- MD5
  
  fbd9ad001bb2719f574c0705c5de05fb
- SHA1
  
  d07e77a490ad677935ac8213b88237e94440e791
- SHA256
  
  f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
- SHA512
  
  5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
- SSDEEP
  
  98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB
Score

7^/10

defense_evasion discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Software Discovery

Security Software Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy