General

  • Target

    5d44d931b2aab85ab66c3806c6aca850N.exe

  • Size

    4.0MB

  • Sample

    240820-t8vhnawgpl

  • MD5

    5d44d931b2aab85ab66c3806c6aca850

  • SHA1

    fc51cbe724e9be94a9a3ab061c4693c75324d41b

  • SHA256

    b31f9d02c756e95a2eba310bf583e3a0cf97cfab0668751c7ccb6f9197824d34

  • SHA512

    a38306f47ad955bc5fd0d9dd6d32dd4ceb8979a2bd6a9ac53874c6e0e25fd3705737fa73554a2cc4d5a67cb31fe7695f7379696a3f7dea7a6e537900c8310f37

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB0B/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUp7bVz8eLFcz

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and form data.

    • Adds Run key to start application
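The six behaviour signatures above, expressed as detection rules and run over a constructed event trace. This is an added example, not part of the sandbox report and not derived from this sample's recorded telemetry: the event schema (field names `type`, `image`, `path`, `key`, `value`, `module`, `parent`) is a simplified one assumed for the example rather than Sysmon's or any EDR product's, and every path, registry value and process name in `EVENTS` is made up for illustration (only the sample's file name is taken from the report). "Dropped" is tracked within the trace itself, so the rules for executing or loading dropped files depend on event order, and a browser reading its own profile store is deliberately excluded so that the credential-store rules only fire for a foreign reader.

```python
import ntpath
import re

# Added example: the report's behaviour signatures as simple detection rules.
# The event schema is a constructed, simplified one (field names are assumed,
# not Sysmon's or any EDR's); every path, key and process name in EVENTS is
# made up for illustration.

SIG_CREDS = "Credentials from Password Stores: Credentials from Web Browsers"
SIG_STARTUP = "Drops startup file"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_BROWSER_DATA = "Reads user/profile data of web browsers"
SIG_RUN_KEY = "Adds Run key to start application"

# Chromium keeps its stores under ...\User Data\<Profile>\...; newer builds put
# Cookies one directory deeper (\Network\), hence the repeated path group.
CHROMIUM_STORE = re.compile(
    r"\\User Data\\(?:[^\\]+\\)+(Login Data|Cookies|Web Data|History)$", re.I)
FIREFOX_STORE = re.compile(
    r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite|places\.sqlite)$", re.I)
CREDENTIAL_FILES = re.compile(r"\\(Login Data|logins\.json|key4\.db)$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# A browser reading its own profile is normal; only foreign readers count.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe"}


def evaluate(events):
    """Map an ordered event trace to {signature: [evidence, ...]}.

    "Dropped" means created earlier in this same trace, so the rules for
    executing or loading dropped files depend on event order."""
    hits = {}
    dropped = set()

    def hit(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"]
            dropped.add(path.lower())
            if STARTUP_DIR.search(path):
                hit(SIG_STARTUP, path)
        elif kind == "reg_set":
            if RUN_KEY.search(ev["key"]):
                hit(SIG_RUN_KEY, f'{ev["key"]} = {ev["value"]}')
        elif kind == "proc_create":
            image = ev["image"]
            if image.lower() in dropped and image.lower().endswith(".exe"):
                hit(SIG_EXEC_DROPPED, image)
        elif kind == "image_load":
            module = ev["module"]
            if module.lower() in dropped and module.lower().endswith(".dll"):
                hit(SIG_LOAD_DROPPED, module)
        elif kind == "file_read":
            path = ev["path"]
            if ntpath.basename(ev["image"]).lower() in BROWSERS:
                continue
            if CHROMIUM_STORE.search(path) or FIREFOX_STORE.search(path):
                hit(SIG_BROWSER_DATA, path)
                if CREDENTIAL_FILES.search(path):
                    hit(SIG_CREDS, path)
    return hits


# Constructed trace. Only the dropper's file name comes from the report; its
# location and everything else below is invented for the example.
DROPPER = r"C:\Users\alice\Downloads\5d44d931b2aab85ab66c3806c6aca850N.exe"
PAYLOAD = r"C:\Users\alice\AppData\Roaming\svc\svc.exe"
HELPER_DLL = r"C:\Users\alice\AppData\Roaming\svc\sqlite3.dll"
STARTUP_LNK = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"
CHROME_LOGINS = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"
FIREFOX_COOKIES = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\cookies.sqlite"

EVENTS = [
    {"type": "file_create", "image": DROPPER, "path": PAYLOAD},
    {"type": "file_create", "image": DROPPER, "path": HELPER_DLL},
    {"type": "file_create", "image": DROPPER, "path": STARTUP_LNK},
    {"type": "reg_set", "image": DROPPER,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", "value": PAYLOAD},
    {"type": "proc_create", "image": PAYLOAD, "parent": DROPPER},
    {"type": "image_load", "image": PAYLOAD, "module": HELPER_DLL},
    {"type": "file_read", "image": PAYLOAD, "path": CHROME_LOGINS},
    {"type": "file_read", "image": PAYLOAD, "path": FIREFOX_COOKIES},
    # Benign noise that must not fire: the browser itself, and a system DLL.
    {"type": "file_read", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": CHROME_LOGINS},
    {"type": "image_load", "image": r"C:\Windows\System32\notepad.exe",
     "module": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for sig, evidence in evaluate(EVENTS).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

Run stand-alone, the script prints each of the six signatures with the event that triggered it; the two trailing noise events produce nothing. In a real pipeline the same rules would be fed from process-creation, file, registry and image-load telemetry, and "dropped" would be scoped to the process tree rooted at the sample rather than to everything in the trace.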

MITRE ATT&CK Enterprise v15

Tasks