General

  • Target

    a00e3320ba2df00e58f7732d834347e0N.exe

  • Size

    2.6MB

  • Sample

    240821-e1a2qatcqm

  • MD5

    a00e3320ba2df00e58f7732d834347e0

  • SHA1

    4c93ae3fd48643715d4e0c8d36157a2c62a67ce1

  • SHA256

    1dd66a35b21997efb3cabefaa85ff9a2f94bd87b0c73266c593d665acd3d7163

  • SHA512

    cc48acb7f544f0de679411c4e7d38935655e867e5a58ec8e108a8646bf3240e810a9f10b1a1cc1a4c5d0205cddbb363b285bfb9b56ee9ffbb110f0f306378dc6

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBiB/bS:sxX7QnxrloE5dpUpBb

Targets

    • Target

      a00e3320ba2df00e58f7732d834347e0N.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and other session material.

    • Adds Run key to start application

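The behaviours listed above (a Run key addition, a file dropped into the Startup folder, reads of browser credential stores and profile data) are what an analyst needs to confirm on a suspect host and to recognise in endpoint telemetry. The script below is an added example, not the sandbox's own detection logic or anything taken from the sample: it matches a file against the hashes from this report and classifies a constructed, Sysmon-style event stream into the signature names used above. The event format, the field names and the sample events are assumptions made for the example; the hash values are copied from the report.

```python
"""Triage helper for the sample in this report (added example, not the
sandbox's own code).

1. hash_file()/hash_bytes() compute MD5, SHA1, SHA256 and SHA512 in one
   pass so a suspect file can be compared with the report's hashes.
2. classify()/triage() map constructed Sysmon-like events onto the
   signature names the report lists.
"""
import hashlib
import re
import sys

# Hashes reported for a00e3320ba2df00e58f7732d834347e0N.exe (from the report).
REPORTED_HASHES = {
    "md5": "a00e3320ba2df00e58f7732d834347e0",
    "sha1": "4c93ae3fd48643715d4e0c8d36157a2c62a67ce1",
    "sha256": "1dd66a35b21997efb3cabefaa85ff9a2f94bd87b0c73266c593d665acd3d7163",
    "sha512": "cc48acb7f544f0de679411c4e7d38935655e867e5a58ec8e108a8646bf3240e8"
              "10a9f10b1a1cc1a4c5d0205cddbb363b285bfb9b56ee9ffbb110f0f306378dc6",
}


def _digests(chunks):
    """Feed every chunk to all four hashers and return hex digests."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return _digests([data])


def hash_file(path):
    with open(path, "rb") as fh:
        return _digests(iter(lambda: fh.read(1 << 20), b""))


def matches_report(digests):
    """True only if every algorithm the report lists agrees."""
    return all(digests.get(k) == v for k, v in REPORTED_HASHES.items())


# Persistence: HKCU/HKLM ...\CurrentVersion\Run and RunOnce (incl. Wow6432Node).
RUN_KEY_RE = re.compile(
    r"^HK(?:CU|LM|EY_(?:CURRENT_USER|LOCAL_MACHINE))\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Persistence: a file written directly into a Start Menu Startup folder.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)
# Credential stores: Chromium 'Login Data' and Firefox logins.json/key4.db.
BROWSER_CRED_RE = re.compile(
    r"\\User Data\\.*\\Login Data$|\\Mozilla\\Firefox\\Profiles\\.*\\(?:logins\.json|key4\.db)$",
    re.IGNORECASE,
)
# Other profile data: cookies, autofill ('Web Data') and history.
BROWSER_PROFILE_RE = re.compile(r"\\User Data\\.*\\(?:Cookies|Web Data|History)$", re.IGNORECASE)


def classify(event):
    """Return the report's signature name for one event, or None if benign."""
    op, target = event["op"], event["target"]
    if op == "RegSetValue" and RUN_KEY_RE.match(target):
        return "Adds Run key to start application"
    if op == "FileCreate" and STARTUP_DIR_RE.search(target):
        return "Drops startup file"
    if op in ("FileRead", "FileCopy") and BROWSER_CRED_RE.search(target):
        return "Credentials from Password Stores: Credentials from Web Browsers"
    if op in ("FileRead", "FileCopy") and BROWSER_PROFILE_RE.search(target):
        return "Reads user/profile data of web browsers"
    return None


def triage(events):
    """Group matched targets by signature name; unmatched events are dropped."""
    hits = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev["target"])
    return hits


# Constructed events for illustration; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"op": "RegSetValue", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    {"op": "FileCreate", "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
    {"op": "FileRead", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "FileRead", "target": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    {"op": "FileRead", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"op": "FileRead", "target": r"C:\Windows\System32\kernel32.dll"},  # benign, must not fire
    {"op": "RegSetValue", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},  # benign
]

if __name__ == "__main__":
    for sig, targets in triage(SAMPLE_EVENTS).items():
        print(sig)
        for t in targets:
            print("   ", t)
    if len(sys.argv) > 1:
        d = hash_file(sys.argv[1])
        print("matches report:", matches_report(d), d["sha256"])
```

Run it with a path as the first argument to hash a file you suspect is this sample; all four digests have to agree before `matches_report` returns true, so a single colliding MD5 is not enough. The credential-store check runs before the generic profile-data check because the report treats `Login Data` and `logins.json` as the more specific, higher-severity signature.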
MITRE ATT&CK Enterprise v15