Analysis
max time kernel: 149s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-11-2024 11:00
Static task: static1
Behavioral task: behavioral1
  Sample: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  Resource: win10v2004-20241007-en
General
Target: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
Size: 2.6MB
MD5: b7c3d62cad5a0e05f0a2ba6738d4b724
SHA1: ac5aff487b1542b78dc24cfee2ed8d3987a05c43
SHA256: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62
SHA512: 260972e6476eb96218de6121782cd94709b59941413ff3fd873b79984e3acb513e0e7b3c96f9ccd5b0c8a5137a018529431b13ba83275c3d2175c9374437b89d
SSDEEP: 49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBAB/bS:sxX7QnxrloE5dpUpbb
Malware Config
Signatures
Drops startup file (1 IoC)
Processes: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  description | ioc | process
  File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecaopti.exe | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
Executes dropped EXE (2 IoCs)
Processes: ecaopti.exe, aoptiloc.exe
  pid | process
  2424 | ecaopti.exe
  4888 | aoptiloc.exe
Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials and similar secrets.
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  description | ioc | process
  Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDot1E\\aoptiloc.exe" | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Galax4R\\dobxloc.exe" | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe, ecaopti.exe, aoptiloc.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ecaopti.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | aoptiloc.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe, ecaopti.exe, aoptiloc.exe
  pid | process | occurrences
  4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | 4
  2424 | ecaopti.exe | 30
  4888 | aoptiloc.exe | 30
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe
  description | pid | process | target process
  PID 4892 wrote to memory of 2424 | 4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | ecaopti.exe
  PID 4892 wrote to memory of 2424 | 4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | ecaopti.exe
  PID 4892 wrote to memory of 2424 | 4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | ecaopti.exe
  PID 4892 wrote to memory of 4888 | 4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | aoptiloc.exe
  PID 4892 wrote to memory of 4888 | 4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | aoptiloc.exe
  PID 4892 wrote to memory of 4888 | 4892 | eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe | aoptiloc.exe
Processes
C:\Users\Admin\AppData\Local\Temp\eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\eb07a811518541ef5d2111b0ebc6927f67223450888e00942242367f55236c62.exe"
  - Drops startup file
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID: 4892
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecaopti.exe (level 2)
    Command line: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecaopti.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID: 2424
  C:\UserDot1E\aoptiloc.exe (level 2)
    Command line: C:\UserDot1E\aoptiloc.exe
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID: 4888
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2.0MB
  MD5: 2456e825ceeedb20f71206165d49e947
  SHA1: 890f9632fef2a6bf43a9dfd735746c09de658961
  SHA256: bed445e013cfb98c10918a7d597b299d1361eedd9c130606df15e64bf7cc7606
  SHA512: 970e403d499e2e6ce89292e5e79ed790e0a90bd1db7ff84e7bb8662441954b77395552a9eff23069355d32fb3163ba55b4761c48c45bc8f4ad37465dad63e20e
Filesize: 2.6MB
  MD5: 6974b4924a629d6b637db96aa34ad4a0
  SHA1: 973d09a80aa738867fd2cc89a3b80e0bdcb0037b
  SHA256: ea6fd4b020eda1413ffe0cd436f105f7049230b7b08b1553ff97a9d937149bce
  SHA512: a2e1d1353a6b31c4afdb7d497b1f10d4561a88f947d79ea1eba01ebe5108e0c66e9fe9a4e58688b4097278f63d7af89c5e98535c1b545fd676ad6f8ab154c4ac
Filesize: 2.6MB
  MD5: fe059721e0e4e6db4925242dcd4fec63
  SHA1: ca49686fa297d54e15e1d13622b6b577c62f55fd
  SHA256: 0535deb162a7fc2e4d79bfe2b162334da6f7ab5e368bf88d5dfb8929e3cdcf10
  SHA512: fd1c55642436924fbcd860933e8412f07ca4a1eb64e435984abd64db531f7ffbfdcbb44d79021b7a4ffce552f4de6e6dd8d864a0f6b8c01421eed24f4bbb4515
Filesize: 204B
  MD5: 8abdbb35cabc0d75f1a46cfc1ca959a2
  SHA1: 09332eeaf73f216f883f93abc2eaa5da1530255a
  SHA256: f27dc7d0aef430707a644ba5792f30b04140262450a8368d3b3eef3b7f278209
  SHA512: 9563888f38cb4e63fd47fbbdec2cc0f521112297b0b9cd7206ea207e812e0bc1ffcf23e7771d0f4f689fce9b7a6f5776d7a844e7b7e2e0e9512ac14a7105fc7b
Filesize: 172B
  MD5: 047cd14b40a29c496af53446c6371316
  SHA1: b1eb299095f8b83c3136df9d43c6d0eb8f44e433
  SHA256: 644fb09d9c7b21a8acaac59243310cba5193981c0e2be794cf94f60f924fdef1
  SHA512: ae3a6018e842020cd3a016f2bc7ccbe8973cfb422a9121a471b843bf00941582991aef7acf0305cd9594f4cd415f5326db875249ad496564aece28a5b4a5d83a
Filesize: 2.6MB
  MD5: 871166d7526830e41a7e9cffb2af0f64
  SHA1: 8bd61836ca0a25a40e865483e28d99d29098a881
  SHA256: 81f3455f31f5538d61df676b2c1803f37b055265cd9920e31855903aa8d48e2b
  SHA512: 14ab07e3fcad13aab33b1a1aa978c2f6f4382c355e026afff89503c715a305f77808ed4df3b3aa6cb9ad490da135009597c5505aae5f8bb3e9da8e3f9724b117