Analysis
-
max time kernel
94s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
29-12-2024 10:41
Behavioral task
behavioral1
Sample
StarGrabber.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
StarGrabber.exe
Resource
win10v2004-20241007-en
General
-
Target
StarGrabber.exe
-
Size
15.8MB
-
MD5
ca2dd73369bee9856e72fa7ea09e0a8a
-
SHA1
0c0154c3408402a17e6311580174fed7c6fbbe4a
-
SHA256
824e76a21ae447e382bb32a0b234ccfc68ce5ffd76ae170b340eb9249184668f
-
SHA512
2caf95091fdc953a1e171b37a916852da9ed9efb468d124414710cebbbfee5a50a40fc6ac0d147d544d6609785ad8ed80f86304c76ad18a22324aa71bd76d3c3
-
SSDEEP
393216:pQNPWFszf490j9c5hlERpAdZYycn0trh9Jb8YT:pQoFszfm0JEhkpAdZgCFjF
Malware Config
Signatures
-
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarGrabber.exe StarGrabber.exe -
Loads dropped DLL 44 IoCs
pid Process 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe 3908 StarGrabber.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 15 api.ipify.org 16 api.ipify.org 19 api.ipify.org 24 api.ipify.org 29 api.ipify.org -
Enumerates processes with tasklist 1 TTPs 1 IoCs
pid Process 3296 tasklist.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3296 tasklist.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 4944 wrote to memory of 3908 4944 StarGrabber.exe 82 PID 4944 wrote to memory of 3908 4944 StarGrabber.exe 82 PID 3908 wrote to memory of 4844 3908 StarGrabber.exe 83 PID 3908 wrote to memory of 4844 3908 StarGrabber.exe 83 PID 4844 wrote to memory of 3296 4844 cmd.exe 85 PID 4844 wrote to memory of 3296 4844 cmd.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\StarGrabber.exe"C:\Users\Admin\AppData\Local\Temp\StarGrabber.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4944 -
C:\Users\Admin\AppData\Local\Temp\StarGrabber.exe"C:\Users\Admin\AppData\Local\Temp\StarGrabber.exe"2⤵
- Drops startup file
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3908 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist"3⤵
- Suspicious use of WriteProcessMemory
PID:4844 -
C:\Windows\system32\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3296
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD5ff2c1c4a7ae46c12eb3963f508dad30f
SHA14d759c143f78a4fe1576238587230acdf68d9c8c
SHA25673cf4155df136db24c2240e8db0c76bedcbb721e910558512d6008adaf7eed50
SHA512453ef9eed028ae172d4b76b25279ad56f59291be19eb918de40db703ec31cddf60dce2e40003dfd1ea20ec37e03df9ef049f0a004486cc23db8c5a6b6a860e7b
-
Filesize
13KB
MD5fe489576d8950611c13e6cd1d682bc3d
SHA12411d99230ef47d9e2e10e97bdea9c08a74f19af
SHA256bb79a502eca26d3418b49a47050fb4015fdb24bee97ce56cdd070d0fceb96ccd
SHA5120f605a1331624d3e99cfdc04b60948308e834aa784c5b7169986eefbce4791faa148325c1f1a09624c1a1340e0e8cf82647780ffe7b3e201fdc2b60bcfd05e09
-
Filesize
14KB
MD5a33ac93007ab673cb2780074d30f03bd
SHA1b79fcf833634e6802a92359d38fbdcf6d49d42b0
SHA2564452cf380a07919b87f39bc60768bcc4187b6910b24869dbd066f2149e04de47
SHA5125d8bdca2432cdc5a76a3115af938cc76cf1f376b070a7fd1bcbf58a7848d4f56604c5c14036012027c33cc45f71d5430b5abbfbb2d4adaf5c115ddbd1603ab86
-
Filesize
10KB
MD5821aaa9a74b4ccb1f75bd38b13b76566
SHA1907c8ee16f3a0c6e44df120460a7c675eb36f1dd
SHA256614b4f9a02d0191c3994205ac2c58571c0af9b71853be47fcf3cb3f9bc1d7f54
SHA5129d2ef8f1a2d3a7374ff0cdb38d4a93b06d1db4219bae06d57a075ee3dff5f7d6f890084dd51a972ac7572008f73fde7f5152ce5844d1a19569e5a9a439c4532b
-
Filesize
12KB
MD5619fb21dbeaf66bf7d1b61f6eb94b8c5
SHA17dd87080b4ed0cba070bb039d1bdeb0a07769047
SHA256a2afe994f8f2e847951e40485299e88718235fbefb17fccca7ace54cc6444c46
SHA512ee3dbd00d6529fcfcd623227973ea248ac93f9095430b9dc4e3257b6dc002b614d7ce4f3daab3e02ef675502afdbe28862c14e30632e3c715c434440615c4dd4
-
Filesize
99KB
MD58697c106593e93c11adc34faa483c4a0
SHA1cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987
-
Filesize
43KB
MD521ae0d0cfe9ab13f266ad7cd683296be
SHA1f13878738f2932c56e07aa3c6325e4e19d64ae9f
SHA2567b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7
SHA5126b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c
-
Filesize
83KB
MD56c7565c1efffe44cb0616f5b34faa628
SHA188dd24807da6b6918945201c74467ca75e155b99
SHA256fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a
SHA512822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22
-
Filesize
177KB
MD5ba20b38817bd31b386615e6cf3096940
SHA1dfd0286bc3d11d779f6b24f4245b5602b1842df0
SHA2560fffe7a441f2c272a7c6d8cf5eb1adce71fde6f6102bc7c1ceb90e05730c4b07
SHA512b580c1c26f4ddea3fb7050c83839e9e3ede7659f934928072ae8da53db0c92babc72dbc01130ec931f4ec87e3a3118b6d6c42a4654cd6775e24710517585b275
-
Filesize
122KB
MD529da9b022c16da461392795951ce32d9
SHA10e514a8f88395b50e797d481cbbed2b4ae490c19
SHA2563b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372
SHA5125c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a
-
Filesize
264KB
MD5ce4df4dfe65ab8dc7ae6fcdebae46112
SHA1cdbbfda68030394ac90f6d6249d6dd57c81bc747
SHA256ffbe84f0a1eab363ca9cf73efb7518f2abd52c0893c7cc63266613c930855e96
SHA512fc8e39942e46e4494356d4a45257b657495cbfa20e9d67850627e188f70b149e22603ae4801b4ba7b9a04d201b3787899d2aee21565237d18e0afce9bae33ee9
-
Filesize
63KB
MD5f377a418addeeb02f223f45f6f168fe6
SHA15d8d42dec5d08111e020614600bbf45091c06c0b
SHA2569551431425e9680660c6baf7b67a262040fd2efceb241e4c9430560c3c1fafac
SHA5126f60bfac34ed55ff5d6ae10c6ec5511906c983e0650e5d47dac7b8a97a2e0739266cae009449cced8dff59037e2dbfc92065fbbdfde2636d13679e1629650280
-
Filesize
157KB
MD5b5355dd319fb3c122bb7bf4598ad7570
SHA1d7688576eceadc584388a179eed3155716c26ef5
SHA256b9bc7f1d8aa8498cb8b5dc75bb0dbb6e721b48953a3f295870938b27267fb5f5
SHA5120e228aa84b37b4ba587f6d498cef85aa1ffec470a5c683101a23d13955a8110e1c0c614d3e74fb0aa2a181b852bceeec0461546d0de8bcbd3c58cf9dc0fb26f5
-
Filesize
28KB
MD5e06c0c8ec05eadbeecb3083f8ec26be6
SHA10c7df3e3c82f44f4b0347be2d218fbe879770053
SHA25691adac3af53eedb4508f554e48dfee6e17252c28b017534124b43df856ea84ef
SHA512839625da6e80aaf47d664adeec9805a3af5b08ffeee270d17353e6dcaaff89518960d4fb8a7d35ad8b77be94380c4266b6efcca2535ea0362962abc518533228
-
Filesize
27KB
MD54ab2ceb88276eba7e41628387eacb41e
SHA158f7963ba11e1d3942414ef6dab3300a33c8a2bd
SHA256d82ab111224c54bab3eefdcfeb3ba406d74d2884518c5a2e9174e5c6101bd839
SHA512b0d131e356ce35e603acf0168e540c89f600ba2ab2099ccf212e0b295c609702ac4a7b0a7dbc79f46eda50e7ea2cf09917832345dd8562d916d118aba2fa3888
-
Filesize
77KB
MD5f5dd9c5922a362321978c197d3713046
SHA14fbc2d3e15f8bb21ecc1bf492f451475204426cd
SHA2564494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626
SHA512ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99
-
Filesize
86KB
MD511897592cf9c078a0a1633c57a7694e2
SHA19a6da7aaec8e808e2faee476d59bc685b2da7fbc
SHA256f8d0afd1fe15f19d3a3ade2a673eb2b9ecdc7952e67c6e50d228fe9666af2f79
SHA51272b9a264a2d6ea5e1a3fed8bd44501fbd035708b28e40b6993cb41ed041a439edc63cd4c23a9833cf08cf89c82b86fa9f3f5484262d6131d3e2142222eb4e88d
-
Filesize
149KB
MD5ef4755195cc9b2ff134ea61acde20637
SHA1d5ba42c97488da1910cf3f83a52f7971385642c2
SHA2568a86957b3496c8b679fcf22c287006108bfe0bb0aaffea17121c761a0744b470
SHA51263ad2601fb629e74cf60d980cec292b6e8349615996651b7c7f68991cdae5f89b28c11adb77720d7dbbd7700e55fdd5330a84b4a146386cf0c0418a8d61a8a71
-
Filesize
21KB
MD5c9d5a1a4b6186b5ad1242e6c5cca31e5
SHA140c29c4b192ab421038d7ba2f407ad52bd0e1dc5
SHA256eec57d615873e2065ed83da6164774b9396b4984ad39e1c2166f2c9b45626272
SHA512a2a3afd56350c7de3ca55b105928eceb8952e9bac08aaf171ef6644d50385afb836fc39abd1d9b372e65edfff4c6e686a084dcd03231487b96f1674401cca290
-
Filesize
822KB
MD5077f614c0d45a14b87aa769da7277165
SHA1edd2f5a6bfffc3b5b7705fa179054ee4c46617f1
SHA2561888bebd2e4d139168e11ce69b9100e4f6d6fa038436155adbdcd2bede8419a3
SHA512d46896f4a1a50ca660c5b1b2825e39883535dc6bafb3c64da5b185e05197f1b1d319c26fb9d875d70ead73ea2d7dcc02fa5bc3e22187bf65278493dcc951ad1e
-
Filesize
10KB
MD56177565eb67296ab3c176d8b99c80d16
SHA18a85caaa3e8de8d59aaa8e89c60eb65cb0abefd9
SHA256413b60d5072a490c12f10d91444c00dd9d51b9766b75623dec2dd7f1a1ff1d55
SHA5129fea17e6d3f46cef3d4f39776e7ed00e3a2c07552db735dbcc110ccedaba493c7ab562a0dbfd26273be0cd217d445f6944734ab6e06752053fa648fbf575d601
-
Filesize
114KB
MD52d0ad3f94b3f844e52e1de8c6b44090c
SHA1ab4c74b8f23d6fb9237515a022b0b70de1f880f1
SHA2567344ade704c45c0ab507765bed01d992d8c6e66f897ee7b5f19724722dfea051
SHA51281b127e84f7a2f17c397332675dea147cb5847ef32ecbd96a46e2b332ad149e4643888d2ca22424ecee39ff4b662a90dbbac529438560b897ed7c588479b6cc7
-
Filesize
3.2MB
MD5cc4cbf715966cdcad95a1e6c95592b3d
SHA1d5873fea9c084bcc753d1c93b2d0716257bea7c3
SHA256594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1
SHA5123b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
673KB
MD5bc778f33480148efa5d62b2ec85aaa7d
SHA1b1ec87cbd8bc4398c6ebb26549961c8aab53d855
SHA2569d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843
SHA51280c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173
-
Filesize
184KB
MD50dc9848a5fce6ec03799ac65602dc053
SHA1ddfd97a45c0db5117e047bf45d66873b53160978
SHA256adc9c63f92629ed4b860fc1855400b59a1ae73dd489fd49db326dcfcad48550e
SHA512d1b2f71000cab1115971d44c690fdb8966b9b402216b87ec1f1e8e8a1cca3ce1e1145b8d650c8ad737e6e24c59503aaf9310de3e96a0ac6596187c800013ac71
-
Filesize
57KB
MD53c88de1ebd52e9fcb46dc44d8a123579
SHA17d48519d2a19cac871277d9b63a3ea094fbbb3d9
SHA2562b22b6d576118c5ae98f13b75b4ace47ab0c1f4cd3ff098c6aee23a8a99b9a8c
SHA5121e55c9f7ac5acf3f7262fa2f3c509ee0875520bb05d65cd68b90671ac70e8c99bce99433b02055c07825285004d4c5915744f17eccfac9b25e0f7cd1bee9e6d3
-
Filesize
4.3MB
MD511c051f93c922d6b6b4829772f27a5be
SHA142fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA2560eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA5121cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6
-
Filesize
654KB
MD58d4cd39cf6b1e5d3743ac1bcdcab4f12
SHA12ecfd93164920a60c273b1d000df14351816dbd7
SHA2560789f9321abfa3a6403a483cb3ba684da5cfc39d26195fce8669a77c6367c413
SHA5127734d61b7b2c5f829d05488b26d958b85d0cf87776b91e8a63b58debf5d32db42bc2d203cc5a27ab426672c282bf95b41b8429ee3ea1f0e0d9ca55f9f68e77bd
-
Filesize
131KB
MD5f20fd2e2ac9058a9fd227172f8ff2c12
SHA189eba891352be46581b94a17db7c2ede9a39ab01
SHA25620bde8e50e42f7aabf59106eea238fcc0dece0c6e362c0a7feeb004ab981db8a
SHA51242a86fa192aea7adb4283dc48a323a4f687dad40060ea3ffddcd8fd7670bb535d31a7764706e5c5473da28399fec048ae714a111ee238bb25e1aad03e12078d4
-
Filesize
26KB
MD57a442bbcc4b7aa02c762321f39487ba9
SHA10fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83
SHA2561dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad
SHA5123433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c
-
Filesize
1.4MB
MD5ae6c9d9f085262b4623791babb088e3f
SHA1d908cbfd291a72f355a2080f6670eb7c661fde08
SHA2562934dba913caf3cea148207d8c4506350a02f0d4e150bba229113ebe8fe3bc6b
SHA5121438adbb5925f5da07eef6e50f40ac8c56e46b8c69e926c3cba183fc2316344ae6afa0897d1000492804b5809808eb17a74ccb0bf5acef0fe0575f861a594b89
-
Filesize
1.1MB
MD58320c54418d77eba5d4553a5d6ec27f9
SHA1e5123cf166229aebb076b469459856a56fb16d7f
SHA2567e719ba47919b668acc62008079c586133966ed8b39fec18e312a773cb89edae
SHA512b9e6cdcb37d26ff9c573381bda30fa4cf1730361025cd502b67288c55744962bdd0a99790cedd4a48feef3139e3903265ab112ec545cb1154eaa2a91201f6b34
-
Filesize
4B
MD5365c9bfeb7d89244f2ce01c1de44cb85
SHA1d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1
-
Filesize
130KB
MD505e4b3b876e5fa6a2b8951f764559623
SHA14ad50f70eef4feaa9d051c2f161fbac8a862a4bc
SHA256a52f8bd28b5b9558cde10333ce452a7d6f338ce1005a2b8451755005868e4a98
SHA5125648306af7c056c9250731b7d5a508664294bbb8ba865f9dc06fd7216adf7b8cc31b1cfbc0175c7f2752680744f6546a1959e7f7d1ec7a8a845f75642ce034d9