General

  • Target

    ploader.zip

  • Size

    1.4MB

  • Sample

    240819-vldgaszcjl

  • MD5

    af181e3c3fc39d9219582e19457e30a8

  • SHA1

    030f096fa4f9afec1d1bc6530573a2c97c5c64c2

  • SHA256

    b7644b450c5c7189be0ff4109d2042cf74038eaa0503258f5c77ae3818d24a59

  • SHA512

    16a059536a023215316a78d52394c1fac1e67d9ca90db13a78ca4e1df19e8732e6b1c9231222c743afd07ec6fc0d62faebb2cffd6741c71d5daa1f05415f1aba

  • SSDEEP

    24576:KBsGSayaBzZmE95jNGqGHUqPJyy8fI5zOiwIJ/TeyOE5Q3XUqSmiif9Ct3SXdoht:K+vnG15rQdPJ8KzOIJd5OtH9C+GebO

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks