General
-
Target
13337de67eadfc62a67fd61eb5d9bd7e1b9fc740c836d1abd1eef5141abf55b6
-
Size
740KB
-
Sample
240901-ngzqeayhnl
-
MD5
9991f8b0c35b53cdbaa91c76bc4761f2
-
SHA1
f9165a2ae875d2719b5d9f57eb8397d02b7e72a7
-
SHA256
13337de67eadfc62a67fd61eb5d9bd7e1b9fc740c836d1abd1eef5141abf55b6
-
SHA512
03c9047fff9c7757c631522d7db37738e4595db7cf32b47fa6c41e1bebc95073d323aea83b39b034102545ae868fcca012b3f28ed03692b023efdbfb2a3084d2
-
SSDEEP
12288:uAmg4XsQeuqVqHTbFFRo+UHM/rcJ7D3RdnQet/bUrjpjFye+3jK8S2n:uAmHXSVkxzUHMo7TAG/bgC13Fn
Behavioral task
behavioral1
Sample
466a7a4bfd7d7bd3a21da0a70eba84be27533dd1f42b44cb50b559524870b4fb.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
466a7a4bfd7d7bd3a21da0a70eba84be27533dd1f42b44cb50b559524870b4fb.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
socelars
http://www.iyiqian.com/
http://www.hbgents.top/
http://www.rsnzhy.com/
http://www.znsjis.top/
Targets
-
-
Target
466a7a4bfd7d7bd3a21da0a70eba84be27533dd1f42b44cb50b559524870b4fb
-
Size
1.4MB
-
MD5
8283cec57699a2836b4c85785a6a2ddb
-
SHA1
f2af2fe2acff956329a33083161885e15ca0088d
-
SHA256
466a7a4bfd7d7bd3a21da0a70eba84be27533dd1f42b44cb50b559524870b4fb
-
SHA512
816fee014a0d774c317d708dcba5111fe46ab40d5b31e2b718da79f7f16b4119eeae13dc3bbc350ba65f8b71fcba8dd9ac07c6b9ec2ca0b532e885195e139b95
-
SSDEEP
24576:cxpXPaR2J33o3S7P5zuHHOF2ahfehMHsGKzOYf8EEvX3CZ1zo0:spy+VDa8rtPvX3CZlo0
Score
10/10
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)