General

  • Target

    ec689c281f0fa32de348c07b18e31e69a7b70e1f19b18f3062e7608853c44b74

  • Size

    2.6MB

  • Sample

    240810-esfx1ayhrb

  • MD5

    3ae7ded5948947ad2868beac185d7a0c

  • SHA1

    937ce948bea937976c2db767a0fdc66919b0e6ae

  • SHA256

    ec689c281f0fa32de348c07b18e31e69a7b70e1f19b18f3062e7608853c44b74

  • SHA512

    9d0e2aa825c56fc430590f9f094b69e1e412f19d74d2fc035f6dc6da0b6e152037cb5ddd620386fd8425afe59b7b0dbce9f3add9bb1c0cc52f8c5273d4162d46

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB5B/bS:sxX7QnxrloE5dpUpub
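
Before analysing a copy of this sample, confirm it is the file the report describes. The script below is an added example, not part of the sandbox report: it recomputes the MD5, SHA1, SHA256 and SHA512 digests listed above in a single pass over the file and compares them with the report values. SSDEEP is left out because it needs a third-party library and a fuzzy hash is a similarity measure, not an identity check. The `REPORT` table holds the digests exactly as printed above; the file path is supplied on the command line.

```python
"""
Added example (not part of the sandbox report): recompute the digests a sandbox
report lists for a sample and check that the file on disk is the same object.
"""
import hashlib
import sys

# Digests as printed in the report for this sample.
REPORT = {
    "md5": "3ae7ded5948947ad2868beac185d7a0c",
    "sha1": "937ce948bea937976c2db767a0fdc66919b0e6ae",
    "sha256": "ec689c281f0fa32de348c07b18e31e69a7b70e1f19b18f3062e7608853c44b74",
    "sha512": "9d0e2aa825c56fc430590f9f094b69e1e412f19d74d2fc035f6dc6da0b6e1520"
              "37cb5ddd620386fd8425afe59b7b0dbce9f3add9bb1c0cc52f8c5273d4162d46",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes_stream(chunks):
    """Feed an iterable of byte chunks through every algorithm in one pass, so a
    multi-megabyte sample is read once instead of once per algorithm.
    Returns {algorithm: hexdigest, "size": byte count}."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["size"] = size
    return digests


def hash_file(path, chunk_size=1 << 20):
    """Stream a file from disk in 1 MiB chunks; never loads the whole sample."""
    with open(path, "rb") as fh:
        return hash_bytes_stream(iter(lambda: fh.read(chunk_size), b""))


def compare_with_report(digests, report=REPORT):
    """Return {algorithm: (matches, computed, expected)} for every digest in the
    report. Comparison is case-insensitive so hashes pasted in upper case from
    other tools still match."""
    return {
        name: (digests[name].lower() == expected.lower(), digests[name], expected)
        for name, expected in report.items()
    }


def all_match(comparison):
    """True only when every digest in the comparison matched."""
    return all(ok for ok, _, _ in comparison.values())


if __name__ == "__main__":
    result = compare_with_report(hash_file(sys.argv[1]))
    for name, (ok, got, want) in result.items():
        print(f"{name:6} {'OK ' if ok else 'BAD'} {got}")
        if not ok:
            print(f"       expected {want}")
    sys.exit(0 if all_match(result) else 1)
```

A mismatch on any single algorithm means you are not looking at the reported sample (a repacked or partially downloaded copy, or a sandbox that hashed a different stage), and the behaviours listed further down should not be attributed to the file in front of you.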

Targets

    • Target

      ec689c281f0fa32de348c07b18e31e69a7b70e1f19b18f3062e7608853c44b74

    • Credentials from Password Stores: Credentials from Web Browsers (ATT&CK T1555.003)

      Accesses or copies a web browser's stored credential database; legitimate software has no reason to read another application's credential store.

    • Drops startup file (ATT&CK T1547.001, Registry Run Keys / Startup Folder)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories, which hold saved credentials, cookies and autofill data.

    • Adds Run key to start application (ATT&CK T1547.001, Registry Run Keys / Startup Folder)
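
The persistence signatures above (Run key added, startup file dropped, dropped EXE executed, dropped DLL loaded) are most useful when correlated: an autostart entry whose target is one of the files the sample wrote is far stronger evidence than either observation alone. The script below is an added example, not part of the sandbox report or of any sandbox's own signature code. It takes a constructed list of Run values and a constructed list of dropped-file paths, as a sandbox file log or a live triage script would collect them, resolves what each Run value actually executes (unwrapping `rundll32.exe` so the DLL is matched, not rundll32 itself), and reports the entries that point at dropped files. The environment table and all paths are invented for the example; nothing here reads a real registry.

```python
"""
Added example (not part of the sandbox report): correlate autostart entries with
the files a sample dropped. All inputs below are constructed.
"""
import ntpath
import re

# Constructed environment table for the victim user; a live triage script would
# collect these from the target session instead.
ENV = {
    "APPDATA": r"C:\Users\Admin\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\Admin\AppData\Local",
    "TEMP": r"C:\Users\Admin\AppData\Local\Temp",
    "PROGRAMDATA": r"C:\ProgramData",
}

# Directories a non-admin user can write to (matched on normalized paths).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def normalize(path, env=ENV):
    """Expand %VAR% references, unify separators and case so paths compare reliably."""
    expanded = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    return ntpath.normpath(expanded.replace("/", "\\")).lower()


def _first_token(command):
    """Split off the first quoted or whitespace-delimited word of a command line."""
    command = command.lstrip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], ""
        return command[1:end], command[end + 1:]
    parts = command.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def extract_target(command):
    """Normalized path of the file a Run value really executes. rundll32.exe is
    unwrapped so the DLL it loads is the target, with its ',EntryPoint' stripped."""
    exe, rest = _first_token(command)
    if ntpath.basename(exe).lower() == "rundll32.exe":
        dll, _ = _first_token(rest)
        exe = dll.split(",", 1)[0]
    return normalize(exe)


def is_user_writable(path):
    """Weak signal on its own (plenty of legitimate software lives in AppData)."""
    p = normalize(path)
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def find_suspicious_autostarts(run_entries, dropped_files):
    """run_entries: iterable of (key, value_name, command); dropped_files: paths the
    sample wrote. Returns one dict per Run value whose target is a dropped file."""
    dropped = {normalize(p) for p in dropped_files}
    findings = []
    for key, name, command in run_entries:
        target = extract_target(command)
        if target in dropped:
            findings.append({"key": key, "name": name, "target": target,
                             "user_writable": is_user_writable(target)})
    return findings


def startup_folder_drops(dropped_files):
    """Dropped files placed in a Startup folder (the 'Drops startup file' case)."""
    return sorted(p for p in (normalize(f) for f in dropped_files) if STARTUP_MARKER in p)


# Constructed sandbox output: three files written by the sample ...
DROPPED_FILES = [
    r"C:\Users\Admin\AppData\Roaming\svchost.exe",
    r"C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",
]
# ... and the Run values present afterwards (two benign, two planted by the sample).
RUN_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"%LOCALAPPDATA%\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "WinUpdate",
     r'"%APPDATA%\svchost.exe" -silent'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"C:\Windows\system32\SecurityHealthSystray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Loader",
     r'rundll32.exe "%TEMP%\helper.dll",Start'),
]

if __name__ == "__main__":
    for f in find_suspicious_autostarts(RUN_ENTRIES, DROPPED_FILES):
        print(f"{f['key']}\\{f['name']} -> {f['target']} (user-writable: {f['user_writable']})")
    for p in startup_folder_drops(DROPPED_FILES):
        print(f"startup folder drop: {p}")
```

Note that a copy named `svchost.exe` under `AppData\Roaming` is caught here because it is in the dropped-file set, not because of the name; matching on dropped files rather than on suspicious names is what keeps the benign OneDrive entry (also under a user-writable path) out of the findings.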

MITRE ATT&CK Enterprise v15

Tasks