General

  • Target

    f8fab1ea80e52ed5d5d519c208ac75a0N.exe

  • Size

    2.6MB

  • Sample

    240903-qed22aydre

  • MD5

    f8fab1ea80e52ed5d5d519c208ac75a0

  • SHA1

    4ac1404b43e3b7fdbffae7e7f889026e1ea90060

  • SHA256

    f2a2122cc308c7c4e4d14a1304c49de790a8a98f22a21ad88e55ccb4402f988b

  • SHA512

    b23f1d87c487efb7c63ca36aa21acb3a1249a7461c4b680c845aa2af615f2290f25d1c07af4c123974d5b5da63bc44c5f007d3423cb674a9431f47113e8205e6

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBPB/bS:sxX7QnxrloE5dpUp4b

Malware Config

Targets

    • Target

      f8fab1ea80e52ed5d5d519c208ac75a0N.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks