General

  • Target

    3b361c1818765f066f1409ca559a4e50N.exe

  • Size

    6.8MB

  • Sample

    240905-pmkdca1aqn

  • MD5

    3b361c1818765f066f1409ca559a4e50

  • SHA1

    d34732c2e431fb5fd165c4ecfebce30fb0a1b051

  • SHA256

    7bfcc4832d475958c16b8c324316f7f23a0f523dc13a3204a345783cc968d800

  • SHA512

    59892c51d1a7b295f203d56053b437dce63f4b6706c8c7971c38d7a69e0e88329c0c88f055f26d7580e002d3bdaae91b4160d2cf803f821365a91f7ca1337da7

  • SSDEEP

    196608:Ph1IVOna4vdQmRrdA6l7aycBIGpEjQ2sKB:p1IVOZdQOl29V2s

Malware Config

Targets

    • Target

      3b361c1818765f066f1409ca559a4e50N.exe

    • Size

      6.8MB

    • MD5

      3b361c1818765f066f1409ca559a4e50

    • SHA1

      d34732c2e431fb5fd165c4ecfebce30fb0a1b051

    • SHA256

      7bfcc4832d475958c16b8c324316f7f23a0f523dc13a3204a345783cc968d800

    • SHA512

      59892c51d1a7b295f203d56053b437dce63f4b6706c8c7971c38d7a69e0e88329c0c88f055f26d7580e002d3bdaae91b4160d2cf803f821365a91f7ca1337da7

    • SSDEEP

      196608:Ph1IVOna4vdQmRrdA6l7aycBIGpEjQ2sKB:p1IVOZdQOl29V2s

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden (for example via -WindowStyle Hidden), so the user sees no console.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2
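
The behaviour signatures above (hidden-window PowerShell, reads of browser profile data, a network request from a blocklisted process) are the kind of events a host detection rule can match on endpoint telemetry. The following is an added example and is not part of the sandbox report or of its signature engine: it runs over a few constructed Sysmon-style JSON-lines events and returns the matches. The file paths, PIDs, the 203.0.113.x addresses, the browser store patterns and the process blocklist are assumptions chosen for illustration, not data from the report.

```python
"""Toy detection of three sandbox-reported behaviours on constructed endpoint events.

Added example, not the sandbox's own code. Event shape (event/pid/image/cmdline/
target/dst/dport) is a simplified Sysmon-like JSON-lines format assumed here.
"""
import json
import re

# Assumptions: PowerShell accepts any unambiguous prefix of -WindowStyle (-w, -win, ...)
# and also the enum value 1 for Hidden, so both spellings are matched.
HIDDEN_WINDOW = re.compile(r"(?:^|\s)-w[a-z]*\s+(?:hidden|1)(?=\s|$)", re.IGNORECASE)
POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.IGNORECASE)

# Browser profile files that hold saved credentials/cookies (assumed path patterns).
BROWSER_STORES = re.compile(
    r"\\AppData\\(?:Local\\Google\\Chrome\\User Data\\[^\\]+\\(?:Login Data|Cookies)"
    r"|Roaming\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(?:logins\.json|key4\.db))$",
    re.IGNORECASE,
)
# The browsers themselves legitimately read their own stores; do not alert on those.
BROWSERS = re.compile(r"(?:^|\\)(?:chrome|msedge|firefox)\.exe$", re.IGNORECASE)

# Processes whose outbound connections are treated as suspicious (assumed blocklist).
BLOCKLISTED_NET = {"powershell.exe", "pwsh.exe", "regsvr32.exe", "rundll32.exe"}

# Constructed sample telemetry (not from the report): the sample spawns PowerShell
# twice with a hidden window, reads Chrome and Firefox credential stores, and
# PowerShell makes an outbound connection. Benign Chrome/PowerShell events are mixed in.
SAMPLE_EVENTS = r"""
{"event":"process_create","pid":4120,"image":"C:\\Users\\u\\Desktop\\3b361c1818765f066f1409ca559a4e50N.exe","cmdline":"3b361c1818765f066f1409ca559a4e50N.exe"}
{"event":"process_create","pid":4388,"ppid":4120,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -w 1 -nop -c \"Start-Sleep 3\""}
{"event":"process_create","pid":4402,"ppid":4120,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -WindowStyle Hidden -NoProfile -Command \"Start-Sleep 3\""}
{"event":"process_create","pid":4510,"ppid":612,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -NoProfile -Command Get-Date"}
{"event":"file_read","pid":4120,"image":"C:\\Users\\u\\Desktop\\3b361c1818765f066f1409ca559a4e50N.exe","target":"C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"event":"file_read","pid":4120,"image":"C:\\Users\\u\\Desktop\\3b361c1818765f066f1409ca559a4e50N.exe","target":"C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default-release\\logins.json"}
{"event":"file_read","pid":2210,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","target":"C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"event":"network_connect","pid":4388,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","dst":"203.0.113.10","dport":443}
{"event":"network_connect","pid":2210,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dst":"203.0.113.20","dport":443}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(jsonl: str) -> list[dict]:
    """Return one finding per matching event, in input order."""
    findings = []
    for raw in jsonl.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        kind = ev.get("event")
        image = ev.get("image", "")
        if kind == "process_create" and POWERSHELL.search(image):
            cmdline = ev.get("cmdline", "")
            if HIDDEN_WINDOW.search(cmdline):
                findings.append({"rule": "powershell_hidden_window", "pid": ev["pid"], "detail": cmdline})
        elif kind == "file_read":
            target = ev.get("target", "")
            # Alert only when a non-browser process touches a browser credential store.
            if BROWSER_STORES.search(target) and not BROWSERS.search(image):
                findings.append({"rule": "reads_browser_profile_data", "pid": ev["pid"], "detail": target})
        elif kind == "network_connect" and basename(image) in BLOCKLISTED_NET:
            findings.append({"rule": "blocklisted_process_network", "pid": ev["pid"],
                             "detail": f'{ev["dst"]}:{ev["dport"]}'})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f'{f["rule"]:28} pid={f["pid"]:<6} {f["detail"]}')
```

On the constructed input this yields five findings: two hidden-window PowerShell launches (the abbreviated "-w 1" form and the full "-WindowStyle Hidden"), two credential-store reads by the sample (Chrome "Login Data" and Firefox logins.json), and one outbound connection from powershell.exe; the visible PowerShell process and chrome.exe reading its own store are correctly ignored.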

MITRE ATT&CK Enterprise v15

Tasks