acf88f80055908ced219ba8c7ada933fda1b6861800e156e64491ab9077842eb | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 20:52

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.PWS.Steam.34994.18917.22410.exe
Size

34KB
MD5

39e7dc7f0cfa0ef6b646e794161d91a7
SHA1

d2459e4a0b2559937e4d3cc1627efc12a870fe66
SHA256

acf88f80055908ced219ba8c7ada933fda1b6861800e156e64491ab9077842eb
SHA512

3de454b3be90c8a91a08d8af929d35ca4994b9c3410134b77ad638204d9a7de384999be7a5d33e2b57910ff247da98a58094738f77be9743ff0e0e07e46a1a27
SSDEEP

768:hbOs+EjBO4cl767rI2jUzxoHEQLfp+Zc+wRrl6eUzyjbFCHy5b7I2lSVRR9wggRX:1Os+EDVLf9VRo7gRemy8s

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Steam.34994.18917.22410.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Steam.34994.18917.22410.exe"
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads