Analysis
-
max time kernel
134s -
max time network
140s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
23/08/2024, 09:19
Static task
static1
Behavioral task
behavioral1
Sample
SetLoader.small.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
SetLoader.small.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
SetLoader.small.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
SetLoader.small.exe
Resource
win11-20240802-en
General
-
Target
SetLoader.small.exe
-
Size
6.2MB
-
MD5
0ea7c6316dd45ced14dbd5b06dfb2098
-
SHA1
6a53d81c044117204b5d256aeb121fa77ee23e78
-
SHA256
719b18a62ffd20ee2ac96d12cdb6a961469e00bed11255e1ce616f8747239bde
-
SHA512
1e934d7da30a5357f9715395b0c320fe59a32b3cf3ea298d410bb2d359fe397e34e45e792a0d189412bbc90970384d6dcfa46a6facbe570d42125a9c4113dcb2
-
SSDEEP
49152:gLnlZDQmTSiQb4N+rgzs5/cS3S7EI05pb2OiYbil7wOdmftCQor+gEu5+HDjlI3W:gbHfYb7EmfQ+gNICEvZ5
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/204-12-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-18-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-17-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-16-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-15-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-14-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-13-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-1-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-19-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-20-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-27-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-35-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-38-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-46-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer behavioral2/memory/204-47-0x0000000140000000-0x000000014027E000-memory.dmp DeerStealer -
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 204 SetLoader.small.exe 204 SetLoader.small.exe