General

  • Target

    bcddf0a709348bd5fba69137c137e6a938a095504abdf7652a1bde4184209994

  • Size

    2.6MB

  • Sample

    240826-cwxzks1flk

  • MD5

    1ef65379fb8b9a4031b68ee839b05fe6

  • SHA1

    b695a9d3e4cd4904747935d76873d4479984c218

  • SHA256

    bcddf0a709348bd5fba69137c137e6a938a095504abdf7652a1bde4184209994

  • SHA512

    8079e975bb40e5f3bce8a18f4c030d9da6524b836d5f6e8e1abeed426db7106af54cbbec22344c472ef9080c12bf3e09d7c0b672f443ea29d30c5ae267e0fc05

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBFB/bS:sxX7QnxrloE5dpUpCb

Malware Config

Targets

    • Target

      bcddf0a709348bd5fba69137c137e6a938a095504abdf7652a1bde4184209994

    • Size

      2.6MB

    • MD5

      1ef65379fb8b9a4031b68ee839b05fe6

    • SHA1

      b695a9d3e4cd4904747935d76873d4479984c218

    • SHA256

      bcddf0a709348bd5fba69137c137e6a938a095504abdf7652a1bde4184209994

    • SHA512

      8079e975bb40e5f3bce8a18f4c030d9da6524b836d5f6e8e1abeed426db7106af54cbbec22344c472ef9080c12bf3e09d7c0b672f443ea29d30c5ae267e0fc05

    • SSDEEP

      49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBFB/bS:sxX7QnxrloE5dpUpCb

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks