90d015b08c37c5a9e9f42ada10ec29a5d34d5d6e63373eb5da9e5af6b485e688

Submit
Reports

Overview

overview

Static

static

DefenderControl.exe

windows7-x64

DefenderControl.exe

windows10-2004-x64

Software U...ol.exe

windows7-x64

Software U...ol.exe

windows10-2004-x64

Software U...l.html

windows7-x64

Software U...l.html

windows10-2004-x64

Telegram Channel.lnk

windows7-x64

Telegram Channel.lnk

windows10-2004-x64

XSSLite St...ber.js

windows7-x64

XSSLite St...ber.js

windows10-2004-x64

XSSLite St...ets.js

windows7-x64

XSSLite St...ets.js

windows10-2004-x64

XSSLite St...ram.js

windows7-x64

XSSLite St...ram.js

windows10-2004-x64

XSSLite St...ion.js

windows7-x64

XSSLite St...ion.js

windows10-2004-x64

XSSLite St...ra.dll

windows7-x64

XSSLite St...ra.dll

windows10-2004-x64

XSSLite St...dy.dll

windows7-x64

XSSLite St...dy.dll

windows10-2004-x64

XSSLite St...dy.dll

windows7-x64

XSSLite St...dy.dll

windows10-2004-x64

XSSLite St...dy.dll

windows7-x64

XSSLite St...dy.dll

windows10-2004-x64

XSSLite St...on.dll

windows7-x64

XSSLite St...on.dll

windows10-2004-x64

XSSLite St...rs.dll

windows7-x64

XSSLite St...rs.dll

windows10-2004-x64

XSSLite St...ed.dll

windows7-x64

XSSLite St...ed.dll

windows10-2004-x64

XSSLite St...db.dll

windows7-x64

XSSLite St...db.dll

windows10-2004-x64

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 21:44

Sharing

Copy URL

Twitter E-mail

Static task

static1

neshta

3 signatures

Behavioral task

behavioral1

Sample

DefenderControl.exe

Resource

win7-20241023-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

DefenderControl.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Software Usage Tutorial/DefenderControl.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral4

Sample

Software Usage Tutorial/DefenderControl.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral5

Sample

Software Usage Tutorial/Software Usage Tutorial.html

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Software Usage Tutorial/Software Usage Tutorial.html

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral7

Sample

Telegram Channel.lnk

Resource

win7-20240729-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral8

Sample

Telegram Channel.lnk

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral9

Sample

XSSLite Stealer/Client/Client/Grabber/Grabber.js

Resource

win7-20240708-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

XSSLite Stealer/Client/Client/Grabber/Grabber.js

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

XSSLite Stealer/Client/Client/Grabber/Wallets.js

Resource

win7-20240903-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

XSSLite Stealer/Client/Client/Grabber/Wallets.js

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

XSSLite Stealer/Client/Client/Program.js

Resource

win7-20240903-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

XSSLite Stealer/Client/Client/Program.js

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

XSSLite Stealer/Client/Client/Protection.js

Resource

win7-20240903-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

XSSLite Stealer/Client/Client/Protection.js

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/lib/netstandard1.0/Costura.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/lib/netstandard1.0/Costura.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/netclassicweaver/Costura.Fody.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/netclassicweaver/Costura.Fody.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/netstandardweaver/Costura.Fody.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/netstandardweaver/Costura.Fody.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Fody.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Fody.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyCommon.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyCommon.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyHelpers.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyHelpers.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyIsolated.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyIsolated.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Mono.Cecil.Pdb.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Mono.Cecil.Pdb.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Mono.Cecil.Pdb.dll
Size

87KB
MD5

bdfe84812d447cf67dc0f9b5f7b3cda8
SHA1

43de7a2e4f9b6e81d91cf6b56c2ef6e9d562649e
SHA256

25d1f19121dd780de3c8ac357a5436f7c59e3e63e2dd1d262a02092f5c371dff
SHA512

749eade2e98b27ef828178e52f50cefc8f88eb0a3e8049d6fa9460fcf3a9591b9d5eeec1abbf2e923ff4852b4ab2fb9c5f065840c921895359df4fe7ce574851
SSDEEP

1536:BfCEVETXo3f+yAvaDvNaPS/vSC6G+ALYKXgAJGsZAEcbxvjCXe6:9uiQPwvH6bArVJGXE+xveXe6

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XSSLite Stealer\Client\packages\Fody.6.8.0\netclassictask\Mono.Cecil.Pdb.dll",#1
1⤵
PID:4928

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads