Overview

overview

10

Static

static

10

fb240f8a4a...07.exe

windows10-1703-x64

10

fb240f8a4a...07.exe

windows10-2004-x64

10

fb240f8a4a...07.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb240f8a4aa481c107c8dc11f1831558f109838f7e887247383fca779f562607.zip

  • Size

    1.3MB

  • Sample

    240904-ylek5swgjd

  • MD5

    559999bcb03ac63aec1358ba29afd57f

  • SHA1

    caef3b01b3ae6fc4a60e4dd09c737d888cd2383e

  • SHA256

    b7e53f4caa02a64fa0335166f03a9f45554481dbd62442046143ae9b8550aa33

  • SHA512

    5f18ac78e6842ab5200c9206e22189e5cb7647a243c74c8ad5d1f00130a0e6f30599f01296a08ba1ff1c3c2809f163e3e3422b8da19cc0b850a02e93ce9a53c4

  • SSDEEP

    24576:TxAMbaIAHp6uv9QfKPgtQSXDl+fDP8RRK9LWOIDFMW3UtEULZ5gGOaU:TxAmaNp5v9QCIFMfDPOQ9WD6W3MjLfg1

Score
10/10
fredyaspackv2credential_accessdiscoveryspywarestealer

Malware Config

Targets

    • Target

      fb240f8a4aa481c107c8dc11f1831558f109838f7e887247383fca779f562607.exe

    • Size

      1.6MB

    • MD5

      f3ec92776e756b393a09b1af72f697c8

    • SHA1

      edc146728bc006b76094dd1d21a8217e612bef0f

    • SHA256

      fb240f8a4aa481c107c8dc11f1831558f109838f7e887247383fca779f562607

    • SHA512

      32ca2c0d48427d5890e3e0af419f554528d9c29b143f4fa19369298a05d05be393914cb602e9069735f8c24793ae2687c773e11954246313f427d0f3135a065d

    • SSDEEP

      49152:C85F9jLrmRlBprqFOFtTEO+iaFsvVjrB:C81jPsl32FOrEnF

    Score
    10/10
    fredycredential_accessdiscoveryspywarestealer

    • Detects Fredy Stealer Payload

      Fredy Stealer is an infostealer written in C++.

    • Fredy Stealer

      Fredy Stealer is an infostealer written in C++.

      stealerfredy

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks