Overview

overview

9

Static

static

3

9238f0f88a...1c.exe

windows7-x64

9

9238f0f88a...1c.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    9238f0f88af5a6f80f79c66f502b73ca920522f58128428bc556054963ea6d1c.exe

  • Size

    922KB

  • Sample

    240814-w94ttssdpk

  • MD5

    d996f588469a7a1af5ababce991b42f5

  • SHA1

    2086f187e1bb96da2fff9b7233bfda8eafc9ae05

  • SHA256

    9238f0f88af5a6f80f79c66f502b73ca920522f58128428bc556054963ea6d1c

  • SHA512

    5a55a0e83c514a7f98a933eb658d72ce3d4fbc371cdaf737b80fa1db75cb77f1a6dc429bd0b852f7ab3985bdba497b475979de67bc43675d4857d235d9baf96b

  • SSDEEP

    12288:tCQZsNPaRtCQjl6dOUSCxwBceIBQpF6Nn5UNTBGSBmMy2hkiRicdX4LDeTc0xtzs:eNDsYdOtTIBQ6NnKiSlRiuEIJR+nLh

Score
9/10
collectioncredential_accessdiscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      9238f0f88af5a6f80f79c66f502b73ca920522f58128428bc556054963ea6d1c.exe

    • Size

      922KB

    • MD5

      d996f588469a7a1af5ababce991b42f5

    • SHA1

      2086f187e1bb96da2fff9b7233bfda8eafc9ae05

    • SHA256

      9238f0f88af5a6f80f79c66f502b73ca920522f58128428bc556054963ea6d1c

    • SHA512

      5a55a0e83c514a7f98a933eb658d72ce3d4fbc371cdaf737b80fa1db75cb77f1a6dc429bd0b852f7ab3985bdba497b475979de67bc43675d4857d235d9baf96b

    • SSDEEP

      12288:tCQZsNPaRtCQjl6dOUSCxwBceIBQpF6Nn5UNTBGSBmMy2hkiRicdX4LDeTc0xtzs:eNDsYdOtTIBQ6NnKiSlRiuEIJR+nLh

    Score
    9/10
    collectioncredential_accessdiscoveryexecutionspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks