General

  • Target

    027cc450ef5f8c5f653329641ec1fed9.exe.zip

  • Size

    305KB

  • Sample

    240822-qsx23ascnr

  • MD5

    a64f037b8dcb9fa2aa6e0deb3b2dd971

  • SHA1

    a6298e5370215b0eb3a7c11ede3ae7c96104314b

  • SHA256

    c849ceccdc86898c024b31cd9b83ed4787e7529bfc3488c7e7cc37c7878e2ad6

  • SHA512

    aecc0344158d627daa319fa4e678c13aab2f97daf7f3ffafa8f1b5f4e5f0c87d5f527b7d357c13bc767f688ad70b4a8888544531193d58fa1f652d3a82f51e38

  • SSDEEP

    6144:1fKFE/mOZvzZ4K4IrsWD5GNPdajE2sbm26y7XJBt9w:hKy/mazZE0syAxdajCbQSV6

Malware Config

Targets

    • Target

      027cc450ef5f8c5f653329641ec1fed9.exe

    • Size

      353KB

    • MD5

      71b6a493388e7d0b40c83ce903bc6b04

    • SHA1

      34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d

    • SHA256

      027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

    • SHA512

      072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f

    • SSDEEP

      6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks