0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a | Triage

Submit
Reports

Overview

overview

9

Static

static

3

cryptolaemus

windows10-2004-x64

9

cryptolaemus

windows11-21h2-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a
Size

1.2MB
Sample

240814-hx7s3atfnr
MD5

75a2d87eafbefb74dc8bab6fec16cac1
SHA1

c3decd95d7e19c4dbd1d7b9e409eeb4861c6f369
SHA256

0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a
SHA512

1b6c9ad97b74f639d26fd6d3af7c218f04ef08b77f6d6a67c05350c2965941472592fc6cc9c878644e686532295a20cc23d95ca5db4b62a86ec440000079c5f4
SSDEEP

24576:bIq9ZVLruR2LUUFwmWiWvuREnPRd5cZbzOqLckW+PcHkD+aO6hG1:sMnuR2LmcMuGHkbzOqLXW6hG

Score

9^/10

credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a.exe

Resource

win10v2004-20240802-en

credential_access discovery stealer

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a.exe

Resource

win11-20240802-en

credential_access discovery stealer

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a
- Size
  
  1.2MB
- MD5
  
  75a2d87eafbefb74dc8bab6fec16cac1
- SHA1
  
  c3decd95d7e19c4dbd1d7b9e409eeb4861c6f369
- SHA256
  
  0027e27dcdc31f32e1159f82034ce00169ec7e3b487999d95997c519e0e7d40a
- SHA512
  
  1b6c9ad97b74f639d26fd6d3af7c218f04ef08b77f6d6a67c05350c2965941472592fc6cc9c878644e686532295a20cc23d95ca5db4b62a86ec440000079c5f4
- SSDEEP
  
  24576:bIq9ZVLruR2LUUFwmWiWvuREnPRd5cZbzOqLckW+PcHkD+aO6hG1:sMnuR2LmcMuGHkbzOqLXW6hG
Score

9^/10

credential_access discovery stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverystealer

behavioral2

credential_accessdiscoverystealer

© 2018-2025

Terms | Privacy