Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/10/2024, 19:30 UTC

General

  • Target

    f75c4968c6d2020b5d027692fdefc58b334a95b5ee948f43d81207e7419e9eba.exe

  • Size

    10.7MB

  • MD5

    c616f203d102449f4f786727edd6db3f

  • SHA1

    9dc74f2c0a6efc257636c2d6756002c132ed8c52

  • SHA256

    f75c4968c6d2020b5d027692fdefc58b334a95b5ee948f43d81207e7419e9eba

  • SHA512

    92f0f420da9085bb10b61a0a490a8ec918a83d2e9536ca384d728f297bb886e04269855dbb5506b0b73b46962b249219497700c60d6d6a88da3c0f91d0c30fd2

  • SSDEEP

    196608:NmgBp37/NHPAj3DxH9pIpwQcfjunH6Z0sU+FNuQ4zOZ+1ak3Yzb5:QkFNHPAj3D1EwQcfqHwUaMrz5aP/

Score
10/10

Malware Config

Signatures

  • Detects Monster Stealer. 2 IoCs
  • Monster

    Monster is a Golang stealer that was discovered in 2024.

  • Monster family
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f75c4968c6d2020b5d027692fdefc58b334a95b5ee948f43d81207e7419e9eba.exe
    "C:\Users\Admin\AppData\Local\Temp\f75c4968c6d2020b5d027692fdefc58b334a95b5ee948f43d81207e7419e9eba.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Users\Admin\AppData\Local\Temp\onefile_2700_133746174384898000\stub.exe
      "C:\Users\Admin\AppData\Local\Temp\f75c4968c6d2020b5d027692fdefc58b334a95b5ee948f43d81207e7419e9eba.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1220

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2700_133746174384898000\python310.dll

    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

  • \Users\Admin\AppData\Local\Temp\onefile_2700_133746174384898000\stub.exe

    Filesize

    17.9MB

    MD5

    709a0098a1450a418caad159c16cd178

    SHA1

    680ca411bc2be955b310704b2062e0b59e208d54

    SHA256

    00841852b450e83babdab78306af91f1c9bbdb0bf9d574831abbf28dc9620d2b

    SHA512

    1c7117cd6926ea59f7cde3b756912d6e7127d2d1c210b7298284f15b742da6a7c3158f371544cfec1dc151fc6081d2d43fa3ba961f51c7a778c1043e79d137c6

  • memory/1220-40-0x000000013FC00000-0x0000000140E35000-memory.dmp

    Filesize

    18.2MB

  • memory/2700-75-0x000000013F460000-0x000000013FF35000-memory.dmp

    Filesize

    10.8MB
