General

  • Target

    e8af5e3f9444c55064f6eb16bd224d0e935ffebbdfe7d722c2491e7020625c1c

  • Size

    1.6MB

  • Sample

    240817-hllfpawbkj

  • MD5

    0424b537368d1e568fbd5e2cd779c105

  • SHA1

    ea05714cbdac43628b6c46a9387cf1ed3f5728f2

  • SHA256

    e8af5e3f9444c55064f6eb16bd224d0e935ffebbdfe7d722c2491e7020625c1c

  • SHA512

    63d3eb9f990d65e67e88192a1ced3c4d9631abddc6cfe7116d3de0ade34a63e61dc191004768e54923a5b6fb4fff256dd940489216c211dcc46661afc6617c15

  • SSDEEP

    24576:oWtIRSzHDRi6PbZxSzJ/kxoXFA5sbhsyQgEjo9ZiuyRgkhhp7GG4xfBrmcLKO:V1PRi6PbvSpkxoXFNNs5c9q17EG4n

Malware Config

Targets

    • Target

      e8af5e3f9444c55064f6eb16bd224d0e935ffebbdfe7d722c2491e7020625c1c

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (the sample can refuse to run in regions the operator wants to avoid).

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

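The five behaviours above are the kind of thing a sandbox derives from a monitored API trace. The block below is an added example, not code or data from this report or from the sandbox: it encodes each reported behaviour as a rule and runs the rules over a constructed, simplified trace (a list of dicts with an API name, a path and an access type). The trace format, the API names, the registry value under Control Panel\International, the Chrome profile path and the System32 target path are all assumptions made for illustration; only the behaviour names are taken from the report.

```python
import re

# Constructed trace in a simplified shape (assumption: one dict per monitored
# call). These entries are invented for the example and are not from the report.
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "access": "read",
     "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"api": "CreateFileW", "access": "read",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"api": "RegSetValueExW", "access": "write",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"api": "GetDriveTypeW", "access": "read", "path": "D:\\"},
    {"api": "CreateFileW", "access": "write",
     "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"api": "CreateFileW", "access": "read",
     "path": "C:\\Users\\victim\\Desktop\\notes.txt"},
]

# One predicate per behaviour name from the report. The registry/file paths
# matched here are typical locations (an assumption), not confirmed from the page.
RULES = [
    ("Checks computer location settings",
     lambda e: e["api"].startswith("RegQueryValueEx")
               and re.search(r"\\Control Panel\\International\\", e["path"], re.I)),
    ("Reads user/profile data of web browsers",
     lambda e: e["access"] == "read"
               and re.search(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$",
                             e["path"], re.I)),
    ("Adds Run key to start application",
     lambda e: e["api"].startswith("RegSetValueEx")
               and re.search(r"\\CurrentVersion\\Run(Once)?\\", e["path"], re.I)),
    # Root of any fixed drive other than C: (the report's own wording).
    ("Enumerates connected drives",
     lambda e: re.fullmatch(r"[ABD-Z]:\\", e["path"], re.I) is not None),
    ("Drops file in System32 directory",
     lambda e: e["access"] == "write"
               and re.match(r"C:\\Windows\\System32\\", e["path"], re.I)),
]


def classify(trace):
    """Map each triggered behaviour name to the paths that triggered it.

    Entries that match no rule (ordinary user-file reads, for instance) are
    ignored, so a benign trace yields an empty dict.
    """
    hits = {}
    for entry in trace:
        for name, predicate in RULES:
            if predicate(entry):
                hits.setdefault(name, []).append(entry["path"])
    return hits


if __name__ == "__main__":
    for name, paths in classify(SAMPLE_TRACE).items():
        print(f"{name}: {', '.join(paths)}")
```

Two of these rules carry a caveat worth keeping in mind when reusing them for detection: a registry read of the locale value is not something Sysmon records (it logs value sets, not queries), so the geofence check is only visible in an API-level trace such as a sandbox produces; and a write under System32 is common for legitimate installers, so on its own it is a weak signal and gains weight only in combination with persistence and browser-data access as seen here.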
MITRE ATT&CK Enterprise v15

Tasks