0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

cryptolaemus

windows10-2004-x64

9

cryptolaemus

windows11-21h2-x64

9

Sharing

General

Target

0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70
Size

1.2MB
Sample

240811-mcy3mszbld
MD5

9b90504b9b4391c60cd5e2616241519e
SHA1

4c43f9bad36ff0b0d3a6aab523099c08e6d0ad24
SHA256

0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70
SHA512

87163d326d51449abf1fca3d804034877f3453ad2a4b848c9d88292603b72c35b14501b50d88fa6be3574f8a3dc8f922436a324820e711efc63416b2eb1cca7d
SSDEEP

24576:yRM1zOLsQLGgRdfpPpTeG5IuOxTsTfkmfnMy38GUUCku+y5gM:yMOCgRdRPR/zkmfMAUh/

Score

9^/10

credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70.exe

Resource

win10v2004-20240802-en

credential_access discovery stealer

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70.exe

Resource

win11-20240802-en

credential_access discovery stealer

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70
- Size
  
  1.2MB
- MD5
  
  9b90504b9b4391c60cd5e2616241519e
- SHA1
  
  4c43f9bad36ff0b0d3a6aab523099c08e6d0ad24
- SHA256
  
  0e9b91cf0c46536a61178ab344f45d476346882ccd88738a93b8fcf23c7dfc70
- SHA512
  
  87163d326d51449abf1fca3d804034877f3453ad2a4b848c9d88292603b72c35b14501b50d88fa6be3574f8a3dc8f922436a324820e711efc63416b2eb1cca7d
- SSDEEP
  
  24576:yRM1zOLsQLGgRdfpPpTeG5IuOxTsTfkmfnMy38GUUCku+y5gM:yMOCgRdRPR/zkmfMAUh/
Score

9^/10

credential_access discovery stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverystealer

behavioral2

credential_accessdiscoverystealer

© 2018-2025

Terms | Privacy