fredy | a128b0296bdef3d0accfcf8d7a0edd59c4203d9e5f6eff907715b3d9a3d789f7

Sharing

Copy URL Twitter E-mail

General

Target

IDM_PASS9092.rar
Size

32.1MB
Sample

240913-hkxgkazflg
MD5

8bf3852d58101be33b340e6b478f743d
SHA1

42a110d27438ceedf70eaca07b18a48800bbe134
SHA256

a128b0296bdef3d0accfcf8d7a0edd59c4203d9e5f6eff907715b3d9a3d789f7
SHA512

5f7f802756d10b604e242d83a8c65c61fcf34088777685bb65057fd58d49b73e0ee358d9253a4b6746ae52ceb0f759a1f6cda5a9550e0b11d0177c3a4eda3baa
SSDEEP

786432:9UKNXPeICBZME8ikHsVlDYT/9NsLSAG3u7KNu4Ucbk0X02IVSq9pNRER:aKAj/8ikHs/DYjQLG3uKu5fSkpNRm

Score

10^/10

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  3.1MB
- MD5
  
  bfcaf842e8364b0ed3c49f12ae8a3b7d
- SHA1
  
  634a62bc50e022389fed5c067a5c427d294386ec
- SHA256
  
  926f900e45e94f6c8500b5265fe89b3fd6dd3347fe158583bbaa2abda3c12b27
- SHA512
  
  8ee330cce65945461a6699478c31ae8883cc0b055551f838ddc2633dcb53b96dac8a60e5a1eead783ea7c43db54a50041874df7b50258a56c699114223ed1cc1
- SSDEEP
  
  49152:ytTD3Ka0tK8T2J5e0EadrDFaRgDme0f17yQjkYPTnh1BDqE+J8iQwWdA+S+om/mz:/0EYrWFeCj+J8iPOzu
Score

9^/10

discovery credential_access spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  file/data/local.html
- Size
  
  895B
- MD5
  
  30c02bca270d4e36ed84cd6e965f5960
- SHA1
  
  59af8e63df16858dbc2775a9754d5e1b2f85e3ac
- SHA256
  
  b45f7dca7ef88da40b4e5de792846168944ca6b18e36ddd24d73d995896239c9
- SHA512
  
  3e91c2430546937d0e1bb002830f79ab5f94038d300eeb9c392cb457926a2ea6edd21e6db665d4efae55cf3052eeeb6c8a3921fb7c29516e901a0aa25d863720
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  file/langs/Arabic.lang
- Size
  
  75KB
- MD5
  
  b41d605124486696f0d9e654227cd42c
- SHA1
  
  ab8ade567e61b07cc3ea223cd65fb3f8e1f411b8
- SHA256
  
  24df49a72fcc767e6cb409c51d317c692b8fe6f29cb8b5c9f7d9d404a9646011
- SHA512
  
  f90457141c6ae6366a84feccd311dd9ccc27d53d85fca39e5bdab3094b3b00dbf4acbc0152b792176dc2a1b141fa4e77503e365d79f02702f3a2b0449e84fa9a
- SSDEEP
  
  1536:26YuNjnFQARsFr1taia7kr3IJaivaB3LHFQIAAVJ:26d5nFgFr7aia7kr3I0ivSbFQIAa
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  file/langs/Armenian.lang
- Size
  
  69KB
- MD5
  
  0959f3b6c3aea0bd5a5358c683f52c45
- SHA1
  
  356f656007cfac226a97257ee70dbbbf16708690
- SHA256
  
  52b02b71032f442871d211abd9a71c8f975a23ebdea0351d52b4433b3eb0dc5b
- SHA512
  
  6672f87fcf0b73fd01164d0ea1509327fd2809e7de348afc37d973aa7300606d7779d69e5668ca23226ad31001d84bff350a89f0f4584ffcf434d652cfc146f8
- SSDEEP
  
  768:qlzLmfo3hklSGCGEnBvPOjgVhrkme5yZ1l7Rhd1X0CSxbnX95CYXNWtX4ytN0feq:3gILeXMKf+r
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  file/langs/Belarusian.lang
- Size
  
  66KB
- MD5
  
  8ababd664b16e44f258e0b8c565ddbbf
- SHA1
  
  057cc0018af5b19913a4252256b52921ad07a8c1
- SHA256
  
  e6e270568c5b1e06a87d688e8b552572c19dcd53bb73545dccd936fdde4b8e81
- SHA512
  
  59d96f993681a7df1a6608b03e3d7d1852c266da1b3e29e49ae0c61b0c9db554a7e1cb4e06692e8bab05efbb833a1e9a2cff858297e87bf5739be8fbb7c3ef37
- SSDEEP
  
  768:FL2dXWHIKw9CIyPAJUtVQA0ugDFndoAXB7AqaroY/KQPLmp1DebKzRx9pdZ/8gjq:gdXWH4nlHPQ
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  file/langs/Catalan.lang
- Size
  
  76KB
- MD5
  
  00a97ed2bc53c60a807f4139e6916403
- SHA1
  
  0cdf17af82e317ecc1cf3069182283d4990000c3
- SHA256
  
  c4161e84faf78ffa85627f3d7737a8450327faaaf7a7b2a86fe7911cadea43ca
- SHA512
  
  30327f1265805bff635bcc96813d079b157192ae6c84cae2845bd80d6ae198bc465971d1e6ffe5606531efc187da3f5ee13394f6a7b33ee511fd0d935695e510
- SSDEEP
  
  1536:R0nTXmiWuT3gnRT5t1J8+DPvY5QnxxnQCBvJR9IEdz0mivJZfZZFtGBGQl:kmiwnRT5t1JXDPvY5oQC99Hz+DGEQl
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  file/langs/Croatian.lang
- Size
  
  51KB
- MD5
  
  00791770ed83c0851a18d35347422b46
- SHA1
  
  a26b3e86c235fcc5850654f5c279f78f818f574c
- SHA256
  
  aed3edf687c78663eccb537ff506a4fd5dcb6ccdd2a428b57507964a21297dd4
- SHA512
  
  aebb82bc29ff3d0cc8cacad9b7c38fd06e4a5b423b19210732905bc1a940d7f67d11d5e007c4c66a13fbe9f8941160b12ee8dfcce57659d354f468fb91bf8c87
- SSDEEP
  
  768:R6vk2haEUfqDfCAJ5VFuM4qNVijBCYdGONSsLLZbnjPbZSt5yUN:cc2GXBfD/LYyw
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  file/langs/Czech.lang
- Size
  
  73KB
- MD5
  
  1eb5de291dd2d32404503e8f8039b277
- SHA1
  
  8350fb48e1d3d859ad48382b6ecbae367383ddda
- SHA256
  
  39c1e6f2de455328f702a978eeccc3381739d7f02584e404ce31bbfc6f397d5d
- SHA512
  
  156267febe55bd22d88f1c37767b3baf1293d18cc88022440312753936735d623b418d483de7a071780d5693c1395ea6f3dab8019ff7235c3dfdd6765bbd751b
- SSDEEP
  
  1536:dwrH5ASPEc6/NdYhl99tzXylfLAmDGQoYaif:mrWN69iqs
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  file/langs/Danish.lang
- Size
  
  74KB
- MD5
  
  5815488f458b0802e2b7971219a58f45
- SHA1
  
  eed558b1c14d44d0f7ef8ee0011bcb754c0fdc01
- SHA256
  
  0ba8bff1637855b699edc078f89a776309fa593757862d86d7cc6d92a58a16ab
- SHA512
  
  6ec115d3b99664973287e9d6d4106cc9b0e6e96f67befa00ad8ad0e9a96540a99b34284442573f319a1d608634af83cfa5d7b405e4ab509af28f24cd6f118bd2
- SSDEEP
  
  768:Df3SmJ0jAIXTtp8YCFDQoUibE0R8hMGPQGEWATF4qP8CWzQ1naHOs4ZiGzB2t33n:DffJ0SRQMtxNW01d2yZb87
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  file/langs/Dutch.lang
- Size
  
  74KB
- MD5
  
  a746b020168bca8241d738016af15c33
- SHA1
  
  a51d3d217d7da376eab87c5b7ae1e07b6a79b653
- SHA256
  
  b2d1ffc5de469a2ec9331d2778336d41fd945545d4883b28112cd76e0f10b16b
- SHA512
  
  b5aa668bb495173248075e4289d36ca2b5ffb6eae15a530b0267b3f28ed4974e77f7d4c2c3ae7a02fdd0b10d0bb4c5b7d740f7424395999a4ecc18e954719877
- SSDEEP
  
  768:rlPB1gZuQK8l3kQn91NM4M//QI4rYrD+HgtIXVS00H3JvBLaXHPF58jVMPWoLt/v:hwK8l3kQrrYrDb00K2br8oJKsP2d
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  file/langs/English.lang
- Size
  
  73KB
- MD5
  
  1200786cd2bb2caaf7daba9c0899da0d
- SHA1
  
  f5ac148aef1489a26a39e757048fc247cfb5eda5
- SHA256
  
  1de464356b9e7fc27f07e7fc488dc55d7b9476d66a89ef2d1ee269cfde11a612
- SHA512
  
  0a5a02477b2b0cb7b901c55f4e8ea84a0a68815ba05eb6cad8cf5a79f3d40fbc14f41f8bc2a5ba71bdb5720250efd5899bd20dd4e96ed5d1d13300934e52ee93
- SSDEEP
  
  768:jtWXHNkFQHI0T5k7eE1k6AJ5VIlW9HrPm1ixh3NDjuMVfoXFKAt8vhSbXzZtv6Pf:+HdoFcbct6Pse/C09
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  file/langs/Finnish.lang
- Size
  
  51KB
- MD5
  
  f456a4e028dc9ae7bc093fdd06d7f0a1
- SHA1
  
  b7b985935c59fc91064404e26455698b2404a728
- SHA256
  
  5d95e4f6169455f7bd307e063014dad47505d8fc62cc966b7bdad7082a8a4692
- SHA512
  
  55c373515fa62ff199185aa749924e784f3a801fd58193da28daba0d9f67ab84026c1e9de3d722c8d11d8c7b01831480fd1e95d1bb37c12ea697c8b8143825e2
- SSDEEP
  
  768:nmT7HduZ4OIAP6AJ5VgRNWOh0npktZAe/t6HDTLImYIS6/CX5OAl3MYJNKeR:nS79uOSkTvgfLVYV62oY3pCO
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  file/langs/French.lang
- Size
  
  80KB
- MD5
  
  0a9e70dc48dbbb26ef9e1600e0eebd97
- SHA1
  
  f57b7b289c3a3102473a73cd5efe1c424dd0f30c
- SHA256
  
  9595d3ab0026bbb3cd429236c22af85c05c9cc5faca44aed923b410fb2336276
- SHA512
  
  d82c0e30f38de14e2dce14bf884e4d3f3003316a356878cc01f03ecb5d09d947f17a16b0fb6a6462bebc1f09ffe7699e73a4332e480d2f99ba240be3a08abaf4
- SSDEEP
  
  1536:+vLujfdqBdxHhYp4mDGqrCRAeMakl27wdLx:+vLujYFhrUCRA32c
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  file/langs/Hebrew.lang
- Size
  
  80KB
- MD5
  
  d6007304e26d1f972ace7bc03fa36cb6
- SHA1
  
  49f2ba8ead8f6e737c56284630d959ca8f8d9225
- SHA256
  
  06704d3fa1ffa57fb9063ecc84589c5c759d494b0e7c42186e2719e3e2e7efa1
- SHA512
  
  1458ce395c2b6e02238d801b5fb41ec3f414951809ca26eea634bc4c606d5cfd31b6cb7c15c31ddca147403c12c97d0f5faae72a35ed7d59b88f2f04e48dc95b
- SSDEEP
  
  768:qFg2ikYqrRVb91xaMqLEryMRMk8NOt66xOoqrPJKpRFdfa+K9Jhmy2SBDlf+SZxN:2g2WDMOt692DC0tAOm5pM
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  file/langs/Hindi.lang
- Size
  
  66KB
- MD5
  
  c625554aac020c9d74916b9406f0c002
- SHA1
  
  5f55c5a914fd7f5cbadb71c25779db3d631810f3
- SHA256
  
  56840005980740c1003a947bc0fc52993a8b49673a2dcfb85959f9ee011d53ba
- SHA512
  
  58a5d05fcf50529b3ed763280615cd1f3a647e6d14a8ee8c05c0b63c3d1b745e728652db169bbcd5ae9e5f60a2bb1336632479aa0aff1b949a9c40410b8c6170
- SSDEEP
  
  768:ba0TLFm5t6AJ5VImMWhOs5LJ7VaGxp8UVIWqBm2M:O0TL4Jf/
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  file/langs/Hungarian.lang
- Size
  
  75KB
- MD5
  
  49582e86c00370271e6a836467e297a7
- SHA1
  
  83614f864390679c511473c7c2487026112802e6
- SHA256
  
  af414b5d79420ea8d5edc5179a35a467334c2c92605353cd29267abd75345f73
- SHA512
  
  a6ab8683254c63f50f53a757bfc43303bdc74a410a8a93020bb75c7f1e806081dd11a72c35d7125721586da6d2bc0fc3b28059494d39fd95e0c3e688378bfbf6
- SSDEEP
  
  1536:S6AnIXjUTf3zNkLUTVtZT3pmZR+gr3IAR2oV2/ATmepoLHC:8nIXjUjiITPZTpmZR+W4AMo5KzC
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Enumerates connected drives

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32