c977ae66e324525a57dd0982d670fce03626aa70b4c57e7aff2ba8eab97e4e75

Analysis

max time kernel
93s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Erebus-master/gather/chrome80.exe
Size

8.4MB
MD5

e7370f5d9e4aa76683dadd3cdb302337
SHA1

2ad56443df8de645255e415432611f16b3eb4332
SHA256

9aade6e8f3a965f19c4b761f80f9259d703417d1275f18693e5ab00527a6e47e
SHA512

c0e1b977aa5605e29e1c53b4c95ec3438b24288cf2439179d2592d3e3c0e84c5632df01fd3bee3d62e2e5f3e33945905808b3373d9758fc3b00f1c6d0ea5f4f9
SSDEEP

196608:0cIdNfVhryUTqR+zQMd9e+q2WWmQqh+ZZRB5d85EkqCkqLROnCtFw:6fVFl3QMd9vqZQjeNy+OC

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe
2780	chrome80.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2780	chrome80.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2780	2200	chrome80.exe	82
PID 2200 wrote to memory of 2780	2200	chrome80.exe	82

C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\chrome80.exe
"C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\chrome80.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\chrome80.exe
  "C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\chrome80.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22002\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_bz2.pyd

Filesize
87KB

MD5
e5ba852cb53065389044fe34474a4699

SHA1
d14401c170be8f73de67cfc7ea414dfb1c878ae5

SHA256
690bfd170e038b7b369eb4e4e32621823b1050d895bae3ef538c6382cdc1b2b0

SHA512
c6db73a39c563ac8395214ba1fa9807542b228ebcf6daef9e5478ba99acfcd8dc3d4816c68c51128bb421e8ee2f4625ec24fbe1ef2d268eb01ce09c37ed27101

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_ctypes.pyd

Filesize
130KB

MD5
9e18aca18e4ece1c187f8c0cd12a5c8f

SHA1
a8ba36a9eea969d722a9ae90139d4d59f643f951

SHA256
3351627469ea8965b08bafc9de18d1d890479357df6bc8917f7218535e02f211

SHA512
237b0ef23d0a91014581b94f5c7696da1ab3c1c3a51f6ffe10787c65dc4f5a90d1760e4088afc9acc27bae7f159a32fa3e7a9b15daba5950751932683e9373b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_hashlib.pyd

Filesize
38KB

MD5
e2f401c211fab8c5e1517764e9175616

SHA1
7497eb47b63435d60e7d1bf20b2c946335e6671e

SHA256
76fb36e23b8f6821caec61c49f90b194632e68c9c78c9eb1f2e668c1b6383a73

SHA512
1312eaa7cc46b774392ae9e588c41b104eda43703e48e5b13702e15da665c0e5cc8e21b4011141c63811cd366a0d5773ff26c40c27159b80486bc491eef450a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_lzma.pyd

Filesize
251KB

MD5
c7bbbab8b4764c1c2bfd480dc649653c

SHA1
a5226b44fd42f39948174fab8b6ba5999104d831

SHA256
96205c0efbfbc282d3f4b76f8f2f189a409f365dbe9a9a088351a2906b18cd36

SHA512
aad92eb554af4a99647c770f8a0e988da78542df348e89b740f5f777b5acd992a896c9790598c2c9df35a4167347653e7b337ac98258b9c878c710582e7c21da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_socket.pyd

Filesize
74KB

MD5
9f0683eb56d79d33ee3820f1d3504cc2

SHA1
0bf7a74e9040bb7ffda943ffef531520a9f419af

SHA256
39612c28eef633eef7e2e2c83a779fdda178d043d7aec0a07890e5d2a11cf4f8

SHA512
f086cc899b517ace259d27c048db5846552a7a8e57ddad4d6ea0b25b45e52282979309cea56bb56312aa83273b61f78b25b1ad6a61b6b3de33f5980c81ae6f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_sqlite3.pyd

Filesize
83KB

MD5
71d8d3b5aa31b0bce21c1557bf2df269

SHA1
4e5b7c44ce996f5e6986d5a1eccb4441fb648590

SHA256
440aae80b5026dc0f2d4ad080079dec960d236063b3eef3a456b8fb0c954825d

SHA512
b4f536197739431e4d3ad922f2a861c72f43972ab279b17788666642a26cd04a5c0af00124ceb858e69004ecf49535f2b6ca4987c280beda08a89d34a8e5b405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\_ssl.pyd

Filesize
120KB

MD5
a7fadacb8f4ff72a26f1ccbcfcdc33c1

SHA1
e73311cce41f1de6e01e13ef5745febf37fb3193

SHA256
b8232c839e99a3701657fe16f245e0afca2f269562682eb1a3468c47d07ac5cf

SHA512
a486a2c9fa2cf8a8b8c609a9f4d132c55c39dabcc1ea20455a27e23395515881c9cd396416796762777079aae6c6673dc9905bdcc92ff13d93e7e6c2a06403fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\base_library.zip

Filesize
760KB

MD5
fce9002f015ce260e1ca503eb6cbe5cf

SHA1
7cfd45ea798e5c98a4f07b8dea706a1f68111b29

SHA256
649e7b2e06ad6c0dc2c64f4011f1eaa0a44e4c7ff95c4291f14064219ed7d607

SHA512
79b56bc85d4df2b9c11caacf8c872f37c7350ba193e864f9a1a32f8c5de0cc72d4c78f14a8a53676f4206f1a884a0d1152db18456f2a73f0a22b8ad2ca78b45d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\demo.exe.manifest

Filesize
1KB

MD5
37392f409083afa52ce894526ddd1261

SHA1
563c82472780a44e975940c7233141ee695f71c7

SHA256
3a0f7378366b018dc8d74c1a8a0c597a751214044aa23f2745d2237f4c878303

SHA512
beabae1c15749a52df98706447e79500a993954954fe7f17ad600fcaa53acf4d5561b88cf622ce3139a8bd6e6900a925a47520d0a776da1020c285ac7e56e5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\libcrypto-1_1-x64.dll

Filesize
2.4MB

MD5
8c75bca5ea3bea4d63f52369e3694d01

SHA1
a0c0fd3d9e5688d75386094979171dbde2ce583a

SHA256
8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0

SHA512
6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\libssl-1_1-x64.dll

Filesize
511KB

MD5
0205c08024bf4bb892b9f31d751531a0

SHA1
60875676bc6f2494f052769aa7d644ef4a28c5e5

SHA256
ebe7ffc7eb0b79e29bfc4e408ea27e9b633584dd7bc8e0b5ffc46af19263844b

SHA512
45da0c128bfb706cb0340ad40fbc691696f3483a0235faaac864dea4580b57e36aa5b4b55a60322081d2d2e2df788c550fd43c317582a9b6a2d66712df215bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\python37.dll

Filesize
3.6MB

MD5
d558d4db5a6bd29a8b60b8aa46e5329a

SHA1
a5036009de7165b1b4721263eae4b240ee689095

SHA256
1cfdd40a9107d89310e4e3b6df5f25f26944b312e61638d014f1b1a8050ccc07

SHA512
5590fbd6c9c81293b21e9da9d35d5177f03ba3d247771e4abef3420420d9024f3a775796d73becd5aeb469df648d3105a016693c6b8f68e8c61399212439eebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\select.pyd

Filesize
26KB

MD5
cf7bd630db53356c3dfd51ca8822b696

SHA1
202837642baa0d161d462039ab2441d491c6fe5f

SHA256
5ed33afc7f63de065457e0ef0852de0cc182a7111bd852e855eb9f48451b0e58

SHA512
4c32e03b670fa42f57e5e265e56e9845b719286ffecd8afcd583649fee11b803776f15ea28730925dc0c0b5510c18047ceda951fca1a716a1acc54f0dbc9e91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\sqlite3.dll

Filesize
1.1MB

MD5
e0faa2ddf1c05dabe10de1c4bfa6f705

SHA1
cc0aefb96654947a2081fe144c0c76438e4b77dc

SHA256
80830fe350e383dfec02b4ce090a14f9e1415e830c5c8fd9a2133e141c33ca5c

SHA512
70b3db39a69ed52135ccb067326daa2b830ac9e7d2107cb5538ebf0b049112eb3e7bef84e025a531554f35e0e43dbb4c84057c33ff1c9af7e8cabb579c117b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22002\ucrtbase.dll

Filesize
999KB

MD5
b1399c7bcc6ac3806a6b904212faf547

SHA1
bb75cb27c951f7e5d34cc514d598e34e372b18d1

SHA256
476a9bbb93f15181bf5c379be141e0518439dff7bb13b35a98698c85f2f092d9

SHA512
14918a56c6195562e6954395286a18ac4fa61f8768a9060a153a4e0eb698a1d2b2bd75c18303db511b5cb68b2c2677d2442466a5ca8a6484e5318948b8397a75

Download Submit