General
-
Target
b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
-
Size
409KB
-
Sample
241130-kv3sfatqbn
-
MD5
2d79aec368236c7741a6904e9adff58f
-
SHA1
c0b6133df7148de54f876473ba1c64cb630108c1
-
SHA256
b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
-
SHA512
022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538
-
SSDEEP
6144:zhk7s+AfJjoF3U5w81tLffIru6t1tztD675DoRK3L9YhZmdC/0fNpZH97ndaW9:P+UJjoF3U5w8rk8LeYvR97nQW
Static task
static1
Behavioral task
behavioral1
Sample
b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
-
Size
409KB
-
MD5
2d79aec368236c7741a6904e9adff58f
-
SHA1
c0b6133df7148de54f876473ba1c64cb630108c1
-
SHA256
b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
-
SHA512
022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538
-
SSDEEP
6144:zhk7s+AfJjoF3U5w81tLffIru6t1tztD675DoRK3L9YhZmdC/0fNpZH97ndaW9:P+UJjoF3U5w8rk8LeYvR97nQW
Score8/10-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
4Credentials In Files
4