General

  • Target

    e07dbe17a3ef5f5d09629da0d34d077166d3d1e0caec94f6c5b46f8dfb92228b.dll

  • Size

    24.8MB

  • Sample

    241001-nyfzmaxfrq

  • MD5

    50c424218307e9cb81ce2b1febbbc9a4

  • SHA1

    f57ddd3ac726bfa59de0edf309edac4d63c3bdae

  • SHA256

    e07dbe17a3ef5f5d09629da0d34d077166d3d1e0caec94f6c5b46f8dfb92228b

  • SHA512

    a2eb3eb990685657811839cf3d6af582e8a8341615f28601c14f0d709f979b8d2db20f70b2aa5564d081bd5e60956e55546fa7b0214a0692aa60d14df2d40f3d

  • SSDEEP

    393216:+iCfMh8Pf/v3ye4CJjQTqi9YnVDpzeH6aNtpJMjNzkoy4mF:kUhe/vLXxSaDF2NtjOZy4O

Malware Config

Targets

    • Target

      e07dbe17a3ef5f5d09629da0d34d077166d3d1e0caec94f6c5b46f8dfb92228b.dll

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks