monster | cb9a8828528e46fb86fb7b548d464deceef1abaf9373e51c401f52838c91e9ea

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

build1555.exe
Size

10.7MB
MD5

6b1eb54b0153066ddbe5595a58e40536
SHA1

adf81c3104e5d62853fa82c2bd9b0a5becb4589a
SHA256

d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8
SHA512

104faaa4085c9173274d4e0e468eaf75fb22c4cfe38226e4594e6aa0a1dcb148bde7e5e0756b664f14b680872d2476340ebd69fac883d8e99b20acfb5f5dbf04
SSDEEP

196608:ys+j9q6y7PuZANM3FEAIVqUkzgPyzKM+1t02mY1q6vgC5xU7BlUdinrDRQF6f1:yNBly7PumMtgqUTKt2mYtvggGBa4nr1h

Score

10^/10

monster stealer

Malware Config

Signatures

Detects Monster Stealer. 2 IoCs

resource	yara_rule
behavioral1/files/0x0008000000016d31-37.dat	family_monster
behavioral1/memory/2772-40-0x000000013F160000-0x000000014039E000-memory.dmp	family_monster

Monster
Monster is a Golang stealer that was discovered in 2024.
stealer monster
Monster family
monster

Executes dropped EXE 1 IoCs

pid	Process
2772	stub.exe

Loads dropped DLL 2 IoCs

pid	Process
2536	build1555.exe
2772	stub.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2772	2536	build1555.exe	30
PID 2536 wrote to memory of 2772	2536	build1555.exe	30
PID 2536 wrote to memory of 2772	2536	build1555.exe	30

C:\Users\Admin\AppData\Local\Temp\build1555.exe
"C:\Users\Admin\AppData\Local\Temp\build1555.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\onefile_2536_133746164114490000\stub.exe
  "C:\Users\Admin\AppData\Local\Temp\build1555.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2536_133746164114490000\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2536_133746164114490000\stub.exe

Filesize
18.0MB

MD5
f0587004f479243c18d0ccff0665d7f6

SHA1
b3014badadfffdd6be2931a77a9df4673750fee7

SHA256
8ce148c264ce50e64ab866e34759de81b816a3f54b21c3426513bed3f239649a

SHA512
6dedaa729ee93520907ce46054f0573fb887ac0890bea9d1d22382e9d05f8c14a8c151fe2061a0ec1dae791b13752e0fbc00ccc85838caa7524edba35d469434

Download Submit
memory/2536-75-0x000000013FFF0000-0x0000000140AC8000-memory.dmp

Filesize
10.8MB

Download
memory/2772-40-0x000000013F160000-0x000000014039E000-memory.dmp

Filesize
18.2MB

Download