Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/09/2024, 02:32
General
-
Target
e2c493b65359a28006d6fadde427a182caf5d4f07e0b034fae57fcab71dad342.exe
-
Size
2.6MB
-
MD5
1d6c11ec7dcc2a8be3ea0efe31061d40
-
SHA1
9e5678ec7a2286eeeb10b2a2fa0c96895f9c7620
-
SHA256
e2c493b65359a28006d6fadde427a182caf5d4f07e0b034fae57fcab71dad342
-
SHA512
bb389a68720b589aafe021fb7f35acb82ce644b10275ec7857e7ffc0e3fccddb59ba8690facc9a8ae63b84ab892e58e091bb672ebece8b94a75fbc9914b0de71
-
SSDEEP
49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBQB/bS:sxX7QnxrloE5dpUpLb
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2c493b65359a28006d6fadde427a182caf5d4f07e0b034fae57fcab71dad342.exe"C:\Users\Admin\AppData\Local\Temp\e2c493b65359a28006d6fadde427a182caf5d4f07e0b034fae57fcab71dad342.exe"1⤵
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysabod.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysabod.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\FilesJL\abodloc.exeC:\FilesJL\abodloc.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
MD59a12ee1e9347c157d2a6e48125054fc8
SHA159652b7b66466f487086126a3259dec00b1f8ca5
SHA2565a347692adef60babf175e487987f2cbfa773728f7cf564bc569aa68e772f052
SHA5123c05fbb14600b8f4118c00ba4c77ab26bb7861a6ead086bffbf7079953364f6388810152f4df9715a89e44593c8ef8b337d57e4764ec0e17d67d3a9f3de9fe36
-
Filesize
2.6MB
MD5eff6b2bf9d23f03a654f92e41ba00096
SHA1e19eab4f19f6797e513fb9fc62fb47570a70e871
SHA256b37327ce5897eb45b82059885c10ad70bbd221a7f9ccca32428d68f2b401a5c6
SHA512f884cdb8a7c45203424abd3817e77701dddbde5d13e9fcbce6e69c409c484e6184863a94a3072f1a3a32a5d11b00fef2b16d1736d6d883ef0f763980f15d6cea
-
Filesize
169B
MD589ddbde42baa89e6b73a46c5a9dba384
SHA1d005bdeff73e24acd99c46defb0aa304f918bb84
SHA256dd0f43d3f10fdced0149e42aec5dfb65db7da35eb2049d3df1c9e08941040a57
SHA512aa1570bf0ed025555cce3b15d73648ef45c1c1fe98c4fc67a33a87c57d61d08dfc76bdfb57d8f6876ecbab6526729358df30ef672b5582aa150d07ab9e47fe08
-
Filesize
201B
MD5f60c1af432c1e51cf7f76804ddc84407
SHA13b5e3f90f3e9fc3e2453c5d32880fc548b13cf73
SHA256f9ac4ddb9bf3c5fdcc16aab8a32930ffc2d3c12d94a8e1abbb5e81bd3a795ca6
SHA5129ec9297577983551d424dc37f760ee341cfca66105eaeaedb5e90d2b70d107ba71b9c90013a76b4eb982f6a17dc5d287daf0089d79a391eab8336aeb73e2d7f8
-
Filesize
2.6MB
MD5d3b42ba234b0134e7f79a8cf3e251290
SHA1f133732bc0eece27559de81bc59874067411efb8
SHA2567dce2cff89f5ef1974939bfbac3dbb6e50d6c3321c53b6f491a463a4a7548b0d
SHA5127c2d7566418a0f332d8fdbe626a908fce02c68c71c3b7b62114455114b89ef86175e0dfdc60c7b4c62bfd56310d40e1d2a76008d83d94006ce1acd5f81e8c68e