General
-
Target
52e9f55d274e2ee01959fe2d8297a927.exe
-
Size
107KB
-
Sample
240824-nphrvsxgqh
-
MD5
52e9f55d274e2ee01959fe2d8297a927
-
SHA1
b16e5df39a96c81edb1e98239031b75834b07a87
-
SHA256
d180729ea9f2346e9abd7d96fc1d0ae39fa012d9660f50f79c71b9f828b88dc0
-
SHA512
2e51d8c331690ca97a05bb89490d179a0c50dae1b1e0def82aa7f023376b8ecc844a85b74e54be55695d05ee7623bb2bd064df836e5307d3687de1e6fda8cc1c
-
SSDEEP
3072:VGo3Lc37ACx6oXKo39HxEcKe/h/RS8RMr:V33Lcrdxq+JhM
Static task
static1
Behavioral task
behavioral1
Sample
52e9f55d274e2ee01959fe2d8297a927.exe
Resource
win7-20240705-en
Malware Config
Extracted
arkei
Default
Targets
-
-
Target
52e9f55d274e2ee01959fe2d8297a927.exe
-
Size
107KB
-
MD5
52e9f55d274e2ee01959fe2d8297a927
-
SHA1
b16e5df39a96c81edb1e98239031b75834b07a87
-
SHA256
d180729ea9f2346e9abd7d96fc1d0ae39fa012d9660f50f79c71b9f828b88dc0
-
SHA512
2e51d8c331690ca97a05bb89490d179a0c50dae1b1e0def82aa7f023376b8ecc844a85b74e54be55695d05ee7623bb2bd064df836e5307d3687de1e6fda8cc1c
-
SSDEEP
3072:VGo3Lc37ACx6oXKo39HxEcKe/h/RS8RMr:V33Lcrdxq+JhM
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2