ec7b4f45fbfc555e24bbf4b2f0e3659695a0c1b3ef5c343252e9a995d3108f4c | Triage

Submit
Reports

Overview

overview

Static

static

3

IDR-500000000.scr

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

IDR-500000000.scr
Size

1.5MB
Sample

240906-j96l7swcrj
MD5

c3af78c466127936893943c095f790e0
SHA1

221dd79a6b446fc059e8c2a3a835d323dc7f7de3
SHA256

ec7b4f45fbfc555e24bbf4b2f0e3659695a0c1b3ef5c343252e9a995d3108f4c
SHA512

d50a79a13afbcd2f877874b68cd10ccdb57aabc29389a4698fa461ae5c432f912817e3bcfd15929b0dc4c8af17673871adc93a7841c52a18119d43a46fda117f
SSDEEP

24576:rnmA81BdYN+ZlMbEJPALsbH65YjtPjTgiEO3DuBseKTfasKkeaYd1d6KU4i3T+X0:IvZabE7aShPZPzuZMtsaYtt9Zkb

Score

10^/10

credential_access discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

IDR-500000000.scr

Resource

win11-20240802-en

credential_access discovery persistence stealer

windows11-21h2-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  IDR-500000000.scr
- Size
  
  1.5MB
- MD5
  
  c3af78c466127936893943c095f790e0
- SHA1
  
  221dd79a6b446fc059e8c2a3a835d323dc7f7de3
- SHA256
  
  ec7b4f45fbfc555e24bbf4b2f0e3659695a0c1b3ef5c343252e9a995d3108f4c
- SHA512
  
  d50a79a13afbcd2f877874b68cd10ccdb57aabc29389a4698fa461ae5c432f912817e3bcfd15929b0dc4c8af17673871adc93a7841c52a18119d43a46fda117f
- SSDEEP
  
  24576:rnmA81BdYN+ZlMbEJPALsbH65YjtPjTgiEO3DuBseKTfasKkeaYd1d6KU4i3T+X0:IvZabE7aShPZPzuZMtsaYtt9Zkb
Score

10^/10

credential_access discovery persistence stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencestealer

© 2018-2025

Terms | Privacy