Overview
overview
10Static
static
101214e5f9de...98.exe
windows7-x64
61214e5f9de...98.exe
windows10-2004-x64
7236020bb91...f6.exe
windows7-x64
10236020bb91...f6.exe
windows10-2004-x64
1025dc70a3de...60.exe
windows7-x64
1025dc70a3de...60.exe
windows10-2004-x64
1054de718b63...d9.exe
windows7-x64
154de718b63...d9.exe
windows10-2004-x64
37ae9504811...a4.exe
windows7-x64
107ae9504811...a4.exe
windows10-2004-x64
109c2554e79b...a0.exe
windows7-x64
109c2554e79b...a0.exe
windows10-2004-x64
10a568f22004...3b.exe
windows7-x64
10a568f22004...3b.exe
windows10-2004-x64
8aefd0c7794...37.exe
windows7-x64
10aefd0c7794...37.exe
windows10-2004-x64
10d68b4d6cec...27.exe
windows7-x64
10d68b4d6cec...27.exe
windows10-2004-x64
10Analysis
-
max time kernel
93s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
08/11/2024, 02:11
Behavioral task
behavioral1
Sample
1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
25dc70a3def65cca61f30ad3a818edbf0dcebbf8257a302212fd7424cc7e8560.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
25dc70a3def65cca61f30ad3a818edbf0dcebbf8257a302212fd7424cc7e8560.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
54de718b634d2dbddaf2530aa3b1768823dfdd97f5a2782b4131fe369e903dd9.exe
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
54de718b634d2dbddaf2530aa3b1768823dfdd97f5a2782b4131fe369e903dd9.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
7ae95048117dcae6685b6d3206a013fc3e76631d0d4cb58a95f065d79c6cc8a4.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
7ae95048117dcae6685b6d3206a013fc3e76631d0d4cb58a95f065d79c6cc8a4.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
a568f22004828c8dc2e3e31c3a8f49a89b164e1eb268f57c93430b20368cfe3b.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
a568f22004828c8dc2e3e31c3a8f49a89b164e1eb268f57c93430b20368cfe3b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
aefd0c77949ccb2192070d1fb122cad87c1fc3e3c841b1928e3763fadf286337.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
aefd0c77949ccb2192070d1fb122cad87c1fc3e3c841b1928e3763fadf286337.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827.exe
Resource
win7-20240903-en
General
-
Target
1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe
-
Size
1.0MB
-
MD5
0d52c34732339d12e58c62cdcbcd2241
-
SHA1
b00a95fe388a69d375b4e370fa5112dda61c2ede
-
SHA256
1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98
-
SHA512
4da5f2b48663a183cc46799c02179bd5bc84a71993387742984a5c76ca92d4c7aec60d25efe758636a1a006ba8a4032a6e7763c48e9515801db8be6a98d6a3de
-
SSDEEP
24576:OfQYMfhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRF+G:Vo54clgLH+tkWJ0Nj
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 api.ipify.org 6 api.ipify.org 11 ip-api.com -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 5076 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe 5076 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 5076 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe"C:\Users\Admin\AppData\Local\Temp\1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5076
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\NuyTVLTXyuBuDHw24025E5463\6324025E54NuyTVLTXyuBuDHw\Browsers\Passwords\Passwords_Edge.txt
Filesize426B
MD542fa959509b3ed7c94c0cf3728b03f6d
SHA1661292176640beb0b38dc9e7a462518eb592d27d
SHA256870ef3d2370932a8938faa60abd47d75ea0af98bfa11c82ae8efe9e94fd8be00
SHA5127def291737d081c93d0cc38ac8d3062fd34d93b68d191eb0d54e9857e0c0afdbcd241471a2e10c28ce8db3b1d1ae0dba2ef6f609cfe8a1e8fe1dd103dba80007
-
C:\Users\Admin\AppData\Local\Temp\NuyTVLTXyuBuDHw24025E5463\6324025E54NuyTVLTXyuBuDHw\Grabber\ClearSelect.doc
Filesize682KB
MD540d69c957ac1a39d697285726133b9d7
SHA1de9dcbba75f3a09d632a43013d705fd96adc0354
SHA256f425a97a532364395c9b55a9c6acdcad9c84390b29b45605a0175c9c8f44b39d
SHA512863b01fa2f3828621e6f4e33acafacca3288f697a51b39567ab24dd1db0fc00c59b73f33d88ae6115af0f1f49382e3e659e645ac2d10f1f5c5931a155a4755c1
-
C:\Users\Admin\AppData\Local\Temp\NuyTVLTXyuBuDHw24025E5463\6324025E54NuyTVLTXyuBuDHw\Grabber\JoinDebug.doc
Filesize711KB
MD5d485ec09130be18c11c18b7ad6a2264b
SHA1aab65ad9bdb8e568c7e8340cc1c7af48365bf63b
SHA25671d3d648c7093324093e51b5ced12b91c22d5a9f6a1af896d8857e8e32b59a64
SHA512102e52c7713181be1eaf0382491f29cc9ac4ecf830e27658a912b1fb198d3b267c51debc2191dc0cf90f0d450c95c48641e61cb82c6f1e70e2773ddafa88307c