General

  • Target

    9e484a5e9d2870ece3037e519f4aa5b924b2b7a6ae6227804fbda959e789508a

  • Size

    154KB

  • Sample

    250117-ceyjsaykes

  • MD5

    fc10b4d4fc42885e8e07cb6192faa105

  • SHA1

    e4c6e3b1b5e52b51f4df36b08fe7c1d4c9ecda15

  • SHA256

    9e484a5e9d2870ece3037e519f4aa5b924b2b7a6ae6227804fbda959e789508a

  • SHA512

    9502a189572da6f9352627e127215524bab41ab8653bd771241bc4b1baddd79bcfdb50e3bea6370a4e7c9e210b4f86460d3e0591e73a2054c9406e6c176b02a1

  • SSDEEP

    3072:W5NxdMj7DYOqLQJkZ6BgXonIOv4Ggjy4Q0lLSPeJ09A4wd:YN03YOq6IbXonnvrOy4fWA0u4wd

Malware Config

Targets

    • Target

      SAM (3).exe

    • Size

      219KB

    • MD5

      bde007136af17f9d7f7049a40082f4d8

    • SHA1

      fe7e3adccf9a0cea181f39d15ca0f8a0490edbc8

    • SHA256

      7694106bbcc7c0aad47dc111e65f379e281117c5f9fffede49787646d8ea1074

    • SHA512

      7747d0cb629dc869b89a098e3ae476f872f3213180437dac961ee30f004ad355c8007c6dc742343f9f2ef31e8ec6a6ca10cec3efd7f02b34c8f34d56ef141152

    • SSDEEP

      3072:QArRIzPm7i7x2KhtCqE5bpcqiidyAd9g8Qwyhqa7Unbyv6AR+xx7CG9XeIUV:r4PO62KI5dcdidld9grwqoyv66cZXV

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks