General

  • Target

    89ad45b4a0e2d547c1e09d0a1ea94df6.exe

  • Size

    240KB

  • Sample

    241224-1demaaxqet

  • MD5

    89ad45b4a0e2d547c1e09d0a1ea94df6

  • SHA1

    ca32c2e492bb6d0753aab59993380db79b080740

  • SHA256

    18f4e82898557ba7f23f5b58e181793aee6b9ee066258ce0b8fdba63a714c4f8

  • SHA512

    22c575d47780046d845e0c383bf02aded47d2813173ea6f07180f8726be42084336ef5009c34c5c8295d0deddb3f19f6e5fee1902d62ac9499a117e7de59c4ff

  • SSDEEP

    3072:skv0eu6ZJlctXwLISyqlsxfKPkAck1gD1l567pGDUJ42pUvp85lmv6RReHeP3Kqc:/MeNRFLIu5ckeHgFGD+jpUvwzzeot+

Malware Config

Extracted

Family

stealc

Botnet

valenciga

C2

http://135.181.65.216

Attributes
  • url_path

    /ee45b7c5e4cb75cb.php

Targets

    • Target

      89ad45b4a0e2d547c1e09d0a1ea94df6.exe

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which store saved FTP hosts and logins.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from files stored without protection (ATT&CK T1552.001).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU equivalents) in the registry to list the software installed on the system.
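The extracted configuration (C2 host and url_path) and the behavioural signatures above give a hunt team three things to look for in telemetry: requests to the C2 endpoint, the sample's file hashes, and a browser launched with DevTools remote debugging. The script below is an added example, not part of the sandbox report or of any Stealc tooling. Only the C2 host, URL path and hashes come from the report; the key=value event format, the field names, and the event lines themselves are constructed for illustration.

```python
"""Hunt for the indicators in this Stealc report across constructed log lines.

Added example. The events in SAMPLE_EVENTS are made up and are not from the
sandbox run; only C2_HOST, C2_PATH and SAMPLE_HASHES are taken from the report.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the report's Malware Config and General sections.
C2_HOST = "135.181.65.216"
C2_PATH = "/ee45b7c5e4cb75cb.php"
SAMPLE_HASHES = {
    "md5": "89ad45b4a0e2d547c1e09d0a1ea94df6",
    "sha1": "ca32c2e492bb6d0753aab59993380db79b080740",
    "sha256": "18f4e82898557ba7f23f5b58e181793aee6b9ee066258ce0b8fdba63a714c4f8",
}

# Chromium-family browsers expose the DevTools protocol when started with
# --remote-debugging-port or --remote-debugging-pipe; a stealer that launches
# the browser this way can pull cookies and sessions over that channel.
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.IGNORECASE)


def check_url(url):
    """True if url points at the report's C2 endpoint (host and path must both match)."""
    parts = urlsplit(url)
    return (parts.hostname or "") == C2_HOST and parts.path == C2_PATH


def check_hash(value):
    """Return the algorithm name if value equals one of the sample's digests, else None."""
    v = value.strip().lower()
    for alg, digest in SAMPLE_HASHES.items():
        if v == digest:
            return alg
    return None


def check_cmdline(cmdline):
    """True if a process command line enables browser remote debugging."""
    return bool(REMOTE_DEBUG_RE.search(cmdline))


def parse_event(line):
    """Parse a key=value line; quoted values may contain spaces (assumed log format)."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {k: v.strip('"') for k, v in pairs}


def hunt(lines):
    """Return (line_index, reason) for every event that matches an indicator."""
    hits = []
    for i, line in enumerate(lines):
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "proxy" and check_url(ev.get("url", "")):
            hits.append((i, "c2_url"))
        elif kind == "file":
            for alg in ("md5", "sha1", "sha256"):
                if alg in ev and check_hash(ev[alg]):
                    hits.append((i, "sample_hash:" + alg))
                    break
        elif kind == "process" and check_cmdline(ev.get("cmdline", "")):
            hits.append((i, "browser_remote_debugging"))
    return hits


# Constructed events (not real telemetry): one C2 check-in, one benign request to
# the same host, one file event carrying the sample's SHA256, one suspicious
# browser launch, and one ordinary browser launch.
SAMPLE_EVENTS = [
    'type=proxy url=http://135.181.65.216/ee45b7c5e4cb75cb.php method=POST',
    'type=proxy url=http://135.181.65.216/index.html method=GET',
    'type=file sha256=18f4e82898557ba7f23f5b58e181793aee6b9ee066258ce0b8fdba63a714c4f8 path=C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe',
    'type=process image=chrome.exe cmdline="chrome.exe --headless --remote-debugging-port=9222 --user-data-dir=C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data"',
    'type=process image=chrome.exe cmdline="chrome.exe https://example.com"',
]

if __name__ == "__main__":
    for idx, reason in hunt(SAMPLE_EVENTS):
        print(f"{reason:26} {SAMPLE_EVENTS[idx]}")
```

The URL check deliberately requires both host and path: the same IP may serve other content, and Stealc operators rotate the PHP gateway name, so a path-only match on another host or a host-only match would produce noise. The SSDEEP value from the report is not compared here; fuzzy-hash matching needs the ssdeep library and a similarity threshold rather than equality.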

MITRE ATT&CK Enterprise v15