General

  • Target

    35f4bac45ac7ea8aefa86d9bb87131d2.zip

  • Size

    111KB

  • Sample

    240901-l5rzcsxfpl

  • MD5

    5c97c640bb1acd988a7427a05db76240

  • SHA1

    a08eb9401bc2e10e0e2a22baf7671ae0fe6e1e71

  • SHA256

    467b6c28e3a899fcf8da053d501b2373552d61601590e89cca9e82be65e92502

  • SHA512

    930261d13e31058ac59bb22ae12dba18430058e235f2e8c7c46ab006d89c40dbea51d00b2da78f6cc8a5587e3e075115780485a59455759773665b8cff77daf5

  • SSDEEP

    3072:EUghXRQ4NI7CWtN+B8RCrrZq3mKIxc0D/T:MQMWY8RwQ3hlET

Malware Config

Targets

    • Target

      d193eb5c3e84f42e152b5170447a12dc6ba79b22cae60496af08e605d1511584

    • Size

      128KB

    • MD5

      35f4bac45ac7ea8aefa86d9bb87131d2

    • SHA1

      a22fbf01e92813377c035de3fe43de01cd1b04f7

    • SHA256

      d193eb5c3e84f42e152b5170447a12dc6ba79b22cae60496af08e605d1511584

    • SHA512

      dbc2b1fae632888fd1fcc45b4a01372c9375c2cbb9c166507d72745fbf8280fc578e673aee4d2c631bd7ff44bcc167af5fc033f706feb14e0a141c5101704460

    • SSDEEP

      3072:q+E6bAMOEVaT421edZs1LhsvlXR4VET421edZs:y5MOy2Os1Cl2MOs

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks