General

  • Target

    Insta Stalker 2.0.rar

  • Size

    13.1MB

  • Sample

    240808-js9brs1fjk

  • MD5

    29563b54d70d5d528a719117431e1263

  • SHA1

    bea7baccdc92ecb8312d2a90fd6254db85f3a0a3

  • SHA256

    c2ab8774d1a9aaa5985825da009bb077b61709aa0882093de645026ec65cac21

  • SHA512

    2cdd7cbeeaa780f40b7a45a79dff48b34effcf438768f07e4a04eb48b2b62acab281a741f88756e055a2f689290af33e3ed42c6b53f97eea228c695b69fe7c0d

  • SSDEEP

    393216:NrusoN8xmQsk/KXEWVIqNjtbVKZv5pQvd9:NDoQfsVe2jx0ZBKvH

Malware Config

Targets

    • Target

      Insta Stalker 2.0/Insta Stalker 2.0/urlmon/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks