Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/11/2024, 12:24

General

  • Target

    a31ead333aa7b97f839a5707f7c36667cfa724dca841f453fe08c46e5d559dad.exe

  • Size

    2.6MB

  • MD5

    1f08fc51760141f8fcc0241621d294dc

  • SHA1

    f0b46968bfb2b9d8018bb03eae64e87fec953c9f

  • SHA256

    a31ead333aa7b97f839a5707f7c36667cfa724dca841f453fe08c46e5d559dad

  • SHA512

    20a47be284ec924902aa09435c5103a512fc8ae86404ab1e1c0dec372d5f277ac06661a341ad341591efde06357ea712c9f8cd248e792ed9832b3064f4a16a73

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBnB/bSW:sxX7QnxrloE5dpUpIbv

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31ead333aa7b97f839a5707f7c36667cfa724dca841f453fe08c46e5d559dad.exe
    "C:\Users\Admin\AppData\Local\Temp\a31ead333aa7b97f839a5707f7c36667cfa724dca841f453fe08c46e5d559dad.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locadob.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locadob.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5032
    • C:\UserDotMA\abodloc.exe
      C:\UserDotMA\abodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5080
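The process tree above shows the persistence chain in one place: the submitted sample runs from %TEMP% (PID 2088), drops locadob.exe into the per-user Startup folder and abodloc.exe into a freshly created directory directly under the drive root (C:\UserDotMA), and launches both (PIDs 5032 and 5080). The following is an added example, not part of the sandbox report, of the detection logic that would catch that chain from process-creation telemetry. The event shape (image, parent image, PID, PPID, as in Sysmon Event ID 1), the rule names, the list of expected root-level directories and the parent of PID 2088 (explorer.exe) are this example's assumptions; the PIDs and paths are taken from the tree.

```python
"""Flag the persistence chain from process-creation events.

Added example, not from the sandbox report.  Events are constructed in a
Sysmon Event ID 1-like shape; rule names and the KNOWN_ROOT_DIRS allow-list
are assumptions of this example.
"""
import re
from dataclasses import dataclass

STARTUP_RE = re.compile(
    r"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
    re.IGNORECASE,
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# An .exe living in a directory directly under the drive root, e.g.
# C:\UserDotMA\abodloc.exe.  Directories a stock Windows install places
# there are allow-listed (assumption; extend per environment).
ROOT_DIR_RE = re.compile(r"^[A-Z]:\\([^\\]+)\\[^\\]+\.exe$", re.IGNORECASE)
KNOWN_ROOT_DIRS = {
    "windows", "program files", "program files (x86)", "programdata", "users",
}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    parent_image: str


def startup_folder_exec(ev: ProcEvent) -> bool:
    """Executable launched from the per-user Startup folder."""
    return bool(STARTUP_RE.search(ev.image))


def unusual_root_dir_exec(ev: ProcEvent) -> bool:
    """Executable launched from a non-standard directory under the root."""
    m = ROOT_DIR_RE.match(ev.image)
    return bool(m) and m.group(1).lower() not in KNOWN_ROOT_DIRS


def temp_parent_spawns_persisted_child(ev: ProcEvent) -> bool:
    """The chain in the report: a %TEMP% executable launching a child it
    placed in the Startup folder or in a root-level directory."""
    return bool(TEMP_RE.search(ev.parent_image)) and (
        startup_folder_exec(ev) or unusual_root_dir_exec(ev)
    )


RULES = {
    "startup_folder_exec": startup_folder_exec,
    "unusual_root_dir_exec": unusual_root_dir_exec,
    "temp_parent_spawns_persisted_child": temp_parent_spawns_persisted_child,
}


def evaluate(events):
    """Return {pid: [matching rule names]} for every event that fires a rule."""
    hits = {}
    for ev in events:
        matched = [name for name, rule in RULES.items() if rule(ev)]
        if matched:
            hits[ev.pid] = matched
    return hits


PARENT = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\a31ead333aa7b97f839a5707f7c36667cfa724dca841f453fe08c46e5d559dad.exe")

# Constructed events mirroring the report's process tree, plus two benign
# controls.  PPID 1234 / 900 and explorer.exe as launcher are assumptions.
SAMPLE = [
    ProcEvent(2088, 1234, PARENT, r"C:\Windows\explorer.exe"),
    ProcEvent(5032, 2088,
              r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
              r"\Start Menu\Programs\Startup\locadob.exe", PARENT),
    ProcEvent(5080, 2088, r"C:\UserDotMA\abodloc.exe", PARENT),
    ProcEvent(6000, 900, r"C:\Windows\notepad.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(6001, 900, r"C:\Program Files\Vendor\app.exe",
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, names in evaluate(SAMPLE).items():
        print(pid, ", ".join(names))
```

Run against the constructed events, PID 2088 itself produces no hit (running from %TEMP% is too common to alert on alone); the two children fire the Startup-folder and root-directory rules respectively, and both additionally fire the parent/child rule that ties them back to the %TEMP% dropper, which is the signal worth paging on.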

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintM7\boddevsys.exe

    Filesize

    2.6MB

    MD5

    befa4be5750a8a5d3f2a767f05adc4c5

    SHA1

    d2b748a8ae0c4347c0e64bfd492fd3c34245163f

    SHA256

    9901cd69a0f15b79e4eb232e5013dbfc61ab08e4fcb54c3502811d5fb7684a11

    SHA512

    8921b248fba99fc3f8a0720eb5ec334d4ee1b7397ad195532db3ce1a00dabecf70fce5f1478c63720285e5fd391408a9d633ac3976797abc9002878498396f0e

  • C:\MintM7\boddevsys.exe

    Filesize

    190KB

    MD5

    04b8d1eb5687c7615ceb21c31b070b23

    SHA1

    b9f51f8545eb0812c6b771ed8d4e5c2663f81a34

    SHA256

    35f9d868472ad44b4adbe38ad84f6da6e173335e0d31d7b3b8adef267e449d1f

    SHA512

    a84af33f29ec41948cb246d6f75232883ebdc7ebe6890e3baa0ef5580d8bbb91b41361976508271e76c7266c15ed03b25db84005df4812056a40e8353d810bd0

  • C:\UserDotMA\abodloc.exe

    Filesize

    2.6MB

    MD5

    c16c704874fdaba5bb4062a6df8f561e

    SHA1

    bfd7bd834b146410708151d56aea00874c224c2d

    SHA256

    864756befd63963e0a98533465beb76d6d2f4f28670f6a96518f2460671d272e

    SHA512

    b6abe336f590faf2059e90d71757600c16e9fc01a5a088831322ae333bfb2d58dee6af7e510005bbfce6b622c0164388eb156d8ce62e2f901adcf96abf1b3ca5

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    2d3e4ef3ca1e3eeddea7cedf110fa310

    SHA1

    c84d1dccd16f9d49499ecf9e8b5dcb860ec1cb8c

    SHA256

    99580c5a86b93887657787813e59ee96ad95f64bf6d03e2ddf9d91a89a6c85f9

    SHA512

    0741df0564d21f0dec15eae75c7d0b7eac728f061400b1935862e043e7f9f597b8c559fbc800580a45a2ea92bd43391cbe2cc6862d0075caa322ab342006fd97

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    172B

    MD5

    6985337162f279cdc8080e79b189511e

    SHA1

    c88986542fea18ac907d55fe2931b1d8ef725f75

    SHA256

    078bf5cb81a489b997e97a7c5489a352348543cf958f6f978fba895c0caa5768

    SHA512

    d2711d31a45b3125b601669e1116f746eef98839e312055fb09b93c61482cb3e3ef6aeffaa16ff8fa54d49c6353a7bbba2333a65c5f59c54bbdf81b38c34bb8e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locadob.exe

    Filesize

    2.6MB

    MD5

    ef830dc1fc02f4e473b9d531993c1335

    SHA1

    0f8130c5a09978c15c041113eafa93178e97e439

    SHA256

    1b2422fa0a8c883f56fe142c57a84dcff95175aa6084e77c7c7bbd52649ced9b

    SHA512

    13a0b10b7022a954a1a17becc8654d7cb07dae1b688f76038cb61e276a4fc3461b604f8fdc5e2484e3c0e169701248672995e611ad6ecf047e707c8527133002
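Two things in the Downloads list above matter for turning it into indicators. First, the same path appears twice with different contents: C:\MintM7\boddevsys.exe is recorded at 2.6MB and again at 190KB, and the .ini under C:\Users\Admin at 204B and 172B, so the file was written more than once and every hash listed is a distinct artifact. Second, the parent sample, locadob.exe, abodloc.exe and the first boddevsys.exe are all 2.6MB yet hash differently, so an exact-hash list built from this report will only match this run's artifacts; drop paths and filenames are the more durable indicators. The following is an added example, not part of the report, of a matcher that keeps all of those tiers. The SHA256 values and paths are copied from the report; the inventory records, their (path, sha256) shape and the user-directory normalisation are constructed for the example.

```python
"""Match a file inventory against the dropped-file indicators from the report.

Added example, not from the sandbox report.  SHA256 values and paths are
taken from the Downloads list; the inventory records are constructed.
"""
import ntpath
from collections import defaultdict

# Every Downloads entry, including the second write to boddevsys.exe and
# to the .ini, each of which carries its own hash.
DROPPED = [
    (r"C:\MintM7\boddevsys.exe",
     "9901cd69a0f15b79e4eb232e5013dbfc61ab08e4fcb54c3502811d5fb7684a11"),
    (r"C:\MintM7\boddevsys.exe",
     "35f9d868472ad44b4adbe38ad84f6da6e173335e0d31d7b3b8adef267e449d1f"),
    (r"C:\UserDotMA\abodloc.exe",
     "864756befd63963e0a98533465beb76d6d2f4f28670f6a96518f2460671d272e"),
    (r"C:\Users\Admin\253086396416_10.0_Admin.ini",
     "99580c5a86b93887657787813e59ee96ad95f64bf6d03e2ddf9d91a89a6c85f9"),
    (r"C:\Users\Admin\253086396416_10.0_Admin.ini",
     "078bf5cb81a489b997e97a7c5489a352348543cf958f6f978fba895c0caa5768"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu"
     r"\Programs\Startup\locadob.exe",
     "1b2422fa0a8c883f56fe142c57a84dcff95175aa6084e77c7c7bbd52649ced9b"),
]
PARENT_SHA256 = "a31ead333aa7b97f839a5707f7c36667cfa724dca841f453fe08c46e5d559dad"


def normalize(path: str) -> str:
    """Lower-case the path and replace the user-profile name with '*' so a
    drop under any C:\\Users\\<name>\\... matches (constructed convention)."""
    parts = path.lower().split("\\")
    if len(parts) > 2 and parts[1] == "users":
        parts[2] = "*"
    return "\\".join(parts)


HASHES = {h.lower() for _, h in DROPPED} | {PARENT_SHA256}
PATHS = {normalize(p) for p, _ in DROPPED}
FILENAMES = {ntpath.basename(p).lower() for p, _ in DROPPED}


def classify(path: str, sha256: str):
    """Strongest indicator tier a record matches: 'hash', 'path', 'filename'
    or None.  Path and filename tiers exist because the dropped copies do
    not share a hash with the parent sample."""
    if sha256.lower() in HASHES:
        return "hash"
    if normalize(path) in PATHS:
        return "path"
    if ntpath.basename(path).lower() in FILENAMES:
        return "filename"
    return None


def scan(inventory):
    """Group inventory paths by the indicator tier they hit."""
    hits = defaultdict(list)
    for path, sha256 in inventory:
        tier = classify(path, sha256)
        if tier:
            hits[tier].append(path)
    return dict(hits)


# Constructed inventory: an exact copy of the 190KB write, a rebuilt copy
# dropped for another user, the filename reused elsewhere, and a benign file.
# The all-zero/one/two digests stand in for hashes this report does not list.
INVENTORY = [
    (r"C:\MintM7\boddevsys.exe",
     "35f9d868472ad44b4adbe38ad84f6da6e173335e0d31d7b3b8adef267e449d1f"),
    (r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu"
     r"\Programs\Startup\locadob.exe", "0" * 64),
    (r"D:\staging\abodloc.exe", "1" * 64),
    (r"C:\Windows\System32\notepad.exe", "2" * 64),
]

if __name__ == "__main__":
    for tier, paths in scan(INVENTORY).items():
        print(tier, paths)
```

A 'hash' hit is a copy of exactly what the sandbox saw; a 'path' hit with an unknown hash is the expected outcome on another victim of the same dropper and should be treated as a confirmed artifact rather than a weak match; a 'filename' hit alone needs a second look, since locadob.exe, abodloc.exe and boddevsys.exe are short enough to collide with legitimate names only rarely but not never.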