General

  • Target

    d2179c32e1d00f92ad9b741639a48ab0N

  • Size

    1004KB

  • Sample

    240912-s9gshssdkg

  • MD5

    d2179c32e1d00f92ad9b741639a48ab0

  • SHA1

    1a1e7e4ac740eac96ab49005d889ecbf77968ed0

  • SHA256

    65a97c4b278cd1d973f51446bbba99db03628672cc070a4774a7037e8e1e4d28

  • SHA512

    53615fe4dbb50ca37212e8dd1b7087fb2914a0a034dfbbb1f8894d8c0c80990ccb53a2c0f1b8c53ed893017aebfda981532f84a5752f3ad8b88b40e92caab2e8

  • SSDEEP

    12288:NKE6zhdvk77mVTfHdQrkmSixJvxCKaI4/eiJUIVjrirGWy8Gc7MKgbg0DysOXlfF:mRWx6eKtL0ZJ3I5r

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks