848d8ab365cfa9c087c80b87538a2c86921a16e886f0b3d32405cbe69f4d7f53

Analysis

max time kernel
62s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stealerium.zip
Size

5.9MB
MD5

e2e609d8870d6257945230e08ca4f62f
SHA1

338f787fc2eb8d8a33b7fd0e73f247743c497b9d
SHA256

848d8ab365cfa9c087c80b87538a2c86921a16e886f0b3d32405cbe69f4d7f53
SHA512

d10daa0212337d10b7ede25e1238dc5f77e93a0b9eb048a4a80c4bd1dc42af2dfdf7e0e8951486db6f738980e4a13802243a3c60696007104ef28f7f58002183
SSDEEP

98304:nR9fzGqzRjbT+yYTNWdDAkJNam4FFYGzYqLeB50CcOq0C2xJ9K8YR0fXgnGagsmx:PfzG6jbT+FUiWNaDFFYGEqLeBqCcR0oi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3444	Builder.exe

Loads dropped DLL 2 IoCs

pid	Process
3444	Builder.exe
3444	Builder.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4988	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	4988	7zFM.exe
Token: 35	4988	7zFM.exe
Token: SeSecurityPrivilege	4988	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4988	7zFM.exe
4988	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Stealerium.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4988

C:\Users\Admin\Desktop\Builder.exe
"C:\Users\Admin\Desktop\Builder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Builder.deps.json

Filesize
1KB

MD5
503c7248e00282d9a70a331da0129e95

SHA1
c2f260cdc2d626ba583e0be3f107d05568bf00a2

SHA256
a86c83cccf639e2c3121c6a86a0ce14cef77914261f6b8eaf6717165eae805a5

SHA512
0b3776cf1b53e67722645a7adece7b377eb07702cf99ffca6e2621070d0dbf251e3ee7743c485fda3c6343b8eff8aa0bcec44e0e57b4b9299b8617e0ea01dd3e

Download Submit
C:\Users\Admin\Desktop\Builder.dll

Filesize
295KB

MD5
2017c72b7539e50fa080a024acef4708

SHA1
30fb51adfff61ef22ad12c6345342859e323f1a4

SHA256
d72393f030c0b671e238b0738409542b56b51ea7443ce8e6bc3c279b401ba9dd

SHA512
9b7e41a6cddfd3b4e82d1f0311a2b14f5f5834357fca5a0687b93037e8792a6e95d81b7d42a68292cb160107d07fa5a8054eabf39e85f38a4075ad460a4c96cd

Download Submit
C:\Users\Admin\Desktop\Builder.dll.config

Filesize
835B

MD5
f1db3679756e93364a7da8729c3df91d

SHA1
2e9fcbe36fafbf6493177b9449511274eea64663

SHA256
765b13489d8e2633b3ba1b38ec571ed44db0d831866b8b574df2891f669e513e

SHA512
29eaf86ca70bbdf1cef8cc0636370a2bf0b06c9a6b8fa3b63a0c398a2bd3450d7fac48d320a39d1b88c5210235cb4b3ba9ee59be4f4e8a0fa7b7e88a37d2e836

Download Submit
C:\Users\Admin\Desktop\Builder.exe

Filesize
135KB

MD5
83daa7058146477cb886a34a421fa628

SHA1
39501f3805d600324ea98c708d1c216f64ec2854

SHA256
ac6f2aa2afcc33bda519863f8d19255d4efe80db0c1b1215783f32d9915ce2c1

SHA512
16ad3f0e61bf7fc8e546bad9c348e0bf810056570a09f80f2e04f4123c5d143a2d0161e5505404e9bae0210495e5d18db5e2ec3e7759daec7ca7d2b4ad10ebf0

Download Submit
C:\Users\Admin\Desktop\Builder.runtimeconfig.json

Filesize
515B

MD5
e0f6f18f9b152bc2d8c710b0214805d6

SHA1
ae3d39e59fd6edc05792a76cdf4f02a637f52e29

SHA256
89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd

SHA512
80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e

Download Submit
C:\Users\Admin\Desktop\Wpf.Ui.dll

Filesize
5.2MB

MD5
cc27609de5a51857ba8fbfb87980002e

SHA1
cd9d5238c4ba69906d2ae3004bddd91f561d7eab

SHA256
7cbc69f998f8c129f3cdf6ff5f636c18bf057acd173e939c4e9af1c5372434c0

SHA512
25dfe16f41cf8c25fcc92bfb64460373ff3ba8345d4d71ecd2d5815ef995a73df5dc7341d33eede3d324493343c0c6e4181c7067f8d92345438cf8e4366596c3

Download Submit