2697550bccb2a285b45ae05c8f13241a8cd04e7f30a119ea912fd87530cf03e6 | Triage

Submit
Reports

Overview

overview

Static

static

3

1751c83ef7...45.exe

windows7-x64

3

1751c83ef7...45.exe

windows10-2004-x64

Sharing

General

Target

2697550bccb2a285b45ae05c8f13241a8cd04e7f30a119ea912fd87530cf03e6
Size

963KB
Sample

240905-q5bplasbpr
MD5

e2c5a9a57dfe250961b7c227b8f561ce
SHA1

c83d2ae9b9e19bfbd740e9e48ae43f1c04b6249d
SHA256

2697550bccb2a285b45ae05c8f13241a8cd04e7f30a119ea912fd87530cf03e6
SHA512

0bfd2344b9fd58584e2ba9eac02072377ff4e30f4b73d50fc0a02c5ecb33c6708933637dff6632a08c339f19cc407eaf7eee2d307d5cc9f9516dccad2a2f2086
SSDEEP

24576:ojIOh64L2HyPouieraLsIzV7ys8lkHntqkaQOCd:ojIO8YTou9+VzjtqZ/Cd

Score

10^/10

credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1751c83ef77220f187b74a5ccab4ac42cbab2171eecd354e1f4c40e230329245.exe

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

1751c83ef77220f187b74a5ccab4ac42cbab2171eecd354e1f4c40e230329245.exe

Resource

win10v2004-20240802-en

credential_access discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  1751c83ef77220f187b74a5ccab4ac42cbab2171eecd354e1f4c40e230329245
- Size
  
  980KB
- MD5
  
  deac6c90758e3d64c414dc4f4cecd567
- SHA1
  
  414c1429313a35c4aee103e94fa3bb36a2c99687
- SHA256
  
  1751c83ef77220f187b74a5ccab4ac42cbab2171eecd354e1f4c40e230329245
- SHA512
  
  b5d067eca3c6af101655ee48446cc7f3720ba2685bed3805c9e6b7f49050269f8af2fc38e40992e44d671ecb8763bcb501cc14e9c6b39a876d913c1e78db9244
- SSDEEP
  
  24576:PedZwxCM1mQQm+v6anDT461PzrNQXq3GsRl3h4:PeLK0QhOzTP1Pz2atj3
Score

10^/10

discovery credential_access spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

credential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy