Overview

overview

7

Static

static

3

ac625d190c...53.exe

windows7-x64

7

ac625d190c...53.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    ac625d190cb48de0c6184a5d4bf9a2e9fc4d04d8eb77fe7f83120f473e8df953

  • Size

    138KB

  • Sample

    241009-clb95axaqd

  • MD5

    1f0116315b4d88e64c547b066e72dda2

  • SHA1

    8cb6479225564ec4165295e34abb89cbbc6b20ee

  • SHA256

    ac625d190cb48de0c6184a5d4bf9a2e9fc4d04d8eb77fe7f83120f473e8df953

  • SHA512

    a55e70064101f08cdbd2d0ea9f49e69d049cef536f1806c5633806b75093e404bf9214e1867af7145b25e0bb8cb0cf9dcd4693bf1ca16ab0e311cb11a3c6d909

  • SSDEEP

    3072:oc5+bBl3E2df1PdolVR5huqWmnZf0iCd8ke183czW3sKcNUdHKd+Nv50fJcQ5nmF:oc5+Vl3E8xdolxv95KpHM+NQXrq

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      ac625d190cb48de0c6184a5d4bf9a2e9fc4d04d8eb77fe7f83120f473e8df953

    • Size

      138KB

    • MD5

      1f0116315b4d88e64c547b066e72dda2

    • SHA1

      8cb6479225564ec4165295e34abb89cbbc6b20ee

    • SHA256

      ac625d190cb48de0c6184a5d4bf9a2e9fc4d04d8eb77fe7f83120f473e8df953

    • SHA512

      a55e70064101f08cdbd2d0ea9f49e69d049cef536f1806c5633806b75093e404bf9214e1867af7145b25e0bb8cb0cf9dcd4693bf1ca16ab0e311cb11a3c6d909

    • SSDEEP

      3072:oc5+bBl3E2df1PdolVR5huqWmnZf0iCd8ke183czW3sKcNUdHKd+Nv50fJcQ5nmF:oc5+Vl3E8xdolxv95KpHM+NQXrq

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks