Overview

overview

10

Static

static

10

LegionStea...der.js

windows7-x64

3

LegionStea...der.js

windows10-2004-x64

3

LegionStea...ts.vbs

windows7-x64

1

LegionStea...ts.vbs

windows10-2004-x64

1

LegionStea...ts.vbs

windows7-x64

1

LegionStea...ts.vbs

windows10-2004-x64

1

LegionStea...m1.vbs

windows7-x64

1

LegionStea...m1.vbs

windows10-2004-x64

1

LegionStea...ral.js

windows7-x64

3

LegionStea...ral.js

windows10-2004-x64

3

LegionStea...al.vbs

windows7-x64

1

LegionStea...al.vbs

windows10-2004-x64

1

LegionStea...in.vbs

windows7-x64

1

LegionStea...in.vbs

windows10-2004-x64

1

LegionStea...der.js

windows7-x64

3

LegionStea...der.js

windows10-2004-x64

3

LegionStea...er.vbs

windows7-x64

1

LegionStea...er.vbs

windows10-2004-x64

1

LegionStea...es.vbs

windows7-x64

1

LegionStea...es.vbs

windows10-2004-x64

1

LegionStea...ver.js

windows7-x64

3

LegionStea...ver.js

windows10-2004-x64

3

LegionStea...er.vbs

windows7-x64

1

LegionStea...er.vbs

windows10-2004-x64

1

LegionStea...lby.js

windows7-x64

3

LegionStea...lby.js

windows10-2004-x64

3

LegionStea...by.vbs

windows7-x64

1

LegionStea...by.vbs

windows10-2004-x64

1

LegionStea...er.exe

windows7-x64

3

LegionStea...er.exe

windows10-2004-x64

3

LegionStea...er.exe

windows7-x64

3

LegionStea...er.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2024 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LegionStealer V1 SRC/bin/Debug/legionstealer.exe

  • Size

    4.5MB

  • MD5

    4e3b1a3fbe54f485df9b449f85b2c761

  • SHA1

    6450824ac372584e5066be766ef503fac3189a09

  • SHA256

    5f4a0a9db28d595c4035c380e2a5d4d39a284232aa46dd0ddb91baad021abd76

  • SHA512

    bdcf379cfa1a0ff02126e298db15cd2c9f3d9041ebb934aeb96142ba099926fd2ed3a5a53b271e7ab9d6c4d80cd66a6eb3d3438c34a45b33902afbce98c5dc43

  • SSDEEP

    98304:e0FPMJ2FPMJcaFPMJ9wT7DFPMJkhzHdV5RPdnASGuA+i1iK8P:dgxV5Rm9uAmf

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LegionStealer V1 SRC\bin\Debug\legionstealer.exe
    "C:\Users\Admin\AppData\Local\Temp\LegionStealer V1 SRC\bin\Debug\legionstealer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:3872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3872-0-0x000000007518E000-0x000000007518F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3872-1-0x0000000000A00000-0x0000000000E84000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/3872-2-0x0000000005E90000-0x0000000006434000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3872-3-0x00000000058E0000-0x0000000005972000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3872-4-0x0000000005830000-0x0000000005842000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3872-5-0x0000000005A70000-0x0000000005A7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3872-6-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3872-7-0x0000000005C30000-0x0000000005D7E000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3872-8-0x0000000005DA0000-0x0000000005DB4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3872-9-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3872-10-0x00000000153A0000-0x00000000153DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3872-11-0x000000007518E000-0x000000007518F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3872-12-0x0000000075180000-0x0000000075930000-memory.dmp

    Filesize

    7.7MB

    Download