Overview

overview

8

Static

static

3

vTHGfiwMDeoOH5a.exe

windows7-x64

8

Resubmissions

07/10/2024, 05:31

241007-f76bwasdpf 8

07/10/2024, 03:45

241007-ebh12axgna 8

07/10/2024, 03:41

241007-d88ghsxflg 8

07/10/2024, 03:38

241007-d7bfdstbkm 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mal20241007-01.rar

  • Size

    710KB

  • Sample

    241007-ebh12axgna

  • MD5

    7b2f84b171c40dfddac2c9376236464c

  • SHA1

    a6b7ec24b15d8355b2c81d1211df999f333aae2b

  • SHA256

    c862578f76c396997aec18d367b6f0ce81a6e15b6e50e27858e0f3dea7a98d95

  • SHA512

    1df8112457c838debe59325add6d6f0c9704663d2c323e5808ab02c8dabb97d9d70f444dca6bdf159c0607e02d5e88f9ac3218351a0a5b8296e5b2e678fe482d

  • SSDEEP

    12288:BqVbznbHz0maptQYZnMcJOrhNROEsf3UxqdtF4S1vsmK0KXGDIvyxntYBNf:BkPnkJZnqhfOEscxWF4S1vrK0KGhqT

Score
8/10
discoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      vTHGfiwMDeoOH5a.exe

    • Size

      785KB

    • MD5

      3aa5992e9a518e4d1a7042a16b10e31d

    • SHA1

      5bce77192abbf2a71a2b19d6b00f08685f569b64

    • SHA256

      cfad352d8c9e907269c76b22b73f7a9fa47c3782c99ec48598a310a35d3bdaac

    • SHA512

      518b38137a320e3853e28496485c04c933b68ef34f4ef9b4da363711555ea70c11325d4e05d761d5a4aaa199e684e0da084e0226f319cfe3a29dc00d120fed95

    • SSDEEP

      24576:A0ixK9bqAGf89ojqUk6fT6xuBgptr6svn6v:9ixKp5NX6BBStr6svnu

    Score
    8/10
    discoveryexecutionspywarestealer

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks