Overview

overview

10

Static

static

3

main.exe

windows10-2004-x64

10

Resubmissions

02/04/2025, 12:53

250402-p43agswzfw 10

14/02/2025, 05:39

250214-gca3xstphr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    main.exe

  • Size

    7.2MB

  • Sample

    250214-gca3xstphr

  • MD5

    75a4c4a393ab704900d4e7b03928a898

  • SHA1

    6d252c3503f74df28a52aa86821fba3e7b2b4c1c

  • SHA256

    81ae30c871efc3f21a830d2c5d43a3b8067affbd43cee6cdaac71828a3501458

  • SHA512

    cf80b32fec27e41cb00bcddecebad2a59d456b8eef0bb101c8334c92db8da615ac7164bff9441eac499e59bcc72cc52ef01635bd69185561534ed7ba954a7baa

  • SSDEEP

    98304:ssJ/V6N+13gH5z4voNLZmjuAOZw3IvDiUFo0yfgdSiU8XvAx4aLZYyvJ83RxnPGA:b/35gZVHAr3hcdSyIx4ALiHPJd17YO

Score
10/10
credential_accessdefense_evasiondiscoveryevasionexploitransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      main.exe

    • Size

      7.2MB

    • MD5

      75a4c4a393ab704900d4e7b03928a898

    • SHA1

      6d252c3503f74df28a52aa86821fba3e7b2b4c1c

    • SHA256

      81ae30c871efc3f21a830d2c5d43a3b8067affbd43cee6cdaac71828a3501458

    • SHA512

      cf80b32fec27e41cb00bcddecebad2a59d456b8eef0bb101c8334c92db8da615ac7164bff9441eac499e59bcc72cc52ef01635bd69185561534ed7ba954a7baa

    • SSDEEP

      98304:ssJ/V6N+13gH5z4voNLZmjuAOZw3IvDiUFo0yfgdSiU8XvAx4aLZYyvJ83RxnPGA:b/35gZVHAr3hcdSyIx4ALiHPJd17YO

    Score
    10/10
    credential_accessdefense_evasiondiscoveryevasionexploitransomwarespywarestealertrojan

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • UAC bypass

      defense_evasiontrojan

    • Drops file in Drivers directory

    • Possible privilege escalation attempt

      exploit

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

File and Directory Permissions Modification

1
T1222

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

3
T1112

Credential Access

Credentials from Password Stores

2
T1555

Credentials from Web Browsers

1
T1555.003

Windows Credential Manager

1
T1555.004

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Tasks