Overview

overview

9

Static

static

3

1b508da786...8c.exe

windows7-x64

3

1b508da786...8c.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    1b508da7860673586002b0c6bc8ac5f29ce72504c96bc6a162930a09538ff78c.exe

  • Size

    823KB

  • Sample

    240905-kgnflaxejf

  • MD5

    9d3f1ed5687b8053480f20f349ee3ddf

  • SHA1

    c8933a9a42a419340f104d7e6ad593e00e7165ea

  • SHA256

    1b508da7860673586002b0c6bc8ac5f29ce72504c96bc6a162930a09538ff78c

  • SHA512

    e03312316a2dac3f58abdaae93e3314328fb1cc5859aad5dc2e6baff2254cb439c6e7fe71338ec39a7f54f48d48ba6a1c2908b5ac82ac61ca4523afd2778a18a

  • SSDEEP

    12288:0DpDYP+TKs4EO1LyYppS3NiPnWy0v3Rtl:sl3KN1Qdi8Hl

Score
9/10
collectioncredential_accessdiscoverypersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      1b508da7860673586002b0c6bc8ac5f29ce72504c96bc6a162930a09538ff78c.exe

    • Size

      823KB

    • MD5

      9d3f1ed5687b8053480f20f349ee3ddf

    • SHA1

      c8933a9a42a419340f104d7e6ad593e00e7165ea

    • SHA256

      1b508da7860673586002b0c6bc8ac5f29ce72504c96bc6a162930a09538ff78c

    • SHA512

      e03312316a2dac3f58abdaae93e3314328fb1cc5859aad5dc2e6baff2254cb439c6e7fe71338ec39a7f54f48d48ba6a1c2908b5ac82ac61ca4523afd2778a18a

    • SSDEEP

      12288:0DpDYP+TKs4EO1LyYppS3NiPnWy0v3Rtl:sl3KN1Qdi8Hl

    Score
    9/10
    discoverycollectioncredential_accesspersistenceprivilege_escalationstealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks