Overview

overview

9

Static

static

3

file.exe

windows7-x64

9

file.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    423KB

  • Sample

    240823-vb858awdne

  • MD5

    5ed5be6e0b1f72f6e5c7e2b6d9a470da

  • SHA1

    6cd19751b923da7f0613fda0096ed03278ec7d30

  • SHA256

    8cbde99577f26190ebf83a23e5adb8260bfd7a0fb978566c7c84f72af40e7e2f

  • SHA512

    b44bf205ecd3f0cc34c0054b151f8383afbc225ae0e00ef18aeb3b825614ba361ad5efcd525f6ac7841bc584110611a0d19d01de6598fbbdce73f96ea9a57fb7

  • SSDEEP

    12288:Pqv4ZN53GCYr+qYsdejuAOSbUUIk4jmUE3g:Pj/57K/Y8e7OSyjHP

Score
9/10
credential_accessdiscoveryspywarestealer

Malware Config

Targets

    • Target

      file.exe

    • Size

      423KB

    • MD5

      5ed5be6e0b1f72f6e5c7e2b6d9a470da

    • SHA1

      6cd19751b923da7f0613fda0096ed03278ec7d30

    • SHA256

      8cbde99577f26190ebf83a23e5adb8260bfd7a0fb978566c7c84f72af40e7e2f

    • SHA512

      b44bf205ecd3f0cc34c0054b151f8383afbc225ae0e00ef18aeb3b825614ba361ad5efcd525f6ac7841bc584110611a0d19d01de6598fbbdce73f96ea9a57fb7

    • SSDEEP

      12288:Pqv4ZN53GCYr+qYsdejuAOSbUUIk4jmUE3g:Pj/57K/Y8e7OSyjHP

    Score
    9/10
    credential_accessdiscoveryspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks