a5b292c0a6d7a38f156c7a8a8709ffe63419c8eaa09edb521f2aca6db0fbbffe | Triage

Sharing

General

Target

AntivirusApp.exe
Size

132.8MB
Sample

241110-btsfmsyrem
MD5

dab64b19dbc5f2c80cea565386b3ce2d
SHA1

ad0e294c464540019c931e45c04b1fafaf078b41
SHA256

a5b292c0a6d7a38f156c7a8a8709ffe63419c8eaa09edb521f2aca6db0fbbffe
SHA512

93e9ff32e1c866a79c04db988aff4541c69ceec3b0d83f0ac2e13899ffa20abf1b14da2016d8573642fe9cc3e6768de1d27ba0279f1048205f1185c315702a69
SSDEEP

3145728:F/dukp4gwPvP+4tG5YwUSC++uy65C4H0j59s+nX3dcrzD:FEJgwPXjtGagCMy2CY0j5S+Hdcz

Score

6^/10

persistence pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  AntivirusApp.exe
- Size
  
  132.8MB
- MD5
  
  dab64b19dbc5f2c80cea565386b3ce2d
- SHA1
  
  ad0e294c464540019c931e45c04b1fafaf078b41
- SHA256
  
  a5b292c0a6d7a38f156c7a8a8709ffe63419c8eaa09edb521f2aca6db0fbbffe
- SHA512
  
  93e9ff32e1c866a79c04db988aff4541c69ceec3b0d83f0ac2e13899ffa20abf1b14da2016d8573642fe9cc3e6768de1d27ba0279f1048205f1185c315702a69
- SSDEEP
  
  3145728:F/dukp4gwPvP+4tG5YwUSC++uy65C4H0j59s+nX3dcrzD:FEJgwPXjtGagCMy2CY0j5S+Hdcz
Score

6^/10

persistence spyware stealer
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealer