c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

settings.json

windows10-2004-x64

8

Resubmissions

21-02-2025 18:31

250221-w6hr7axjf1 8

17-02-2025 23:21

250217-3b3bnsvkbq 8

17-02-2025 22:59

250217-2yvdxavjan 10

17-02-2025 22:47

250217-2qlrsstqgv 3

17-02-2025 22:43

250217-2nmlbatqgm 3

Sharing

General

Target

settings.json
Size

159B
Sample

250217-3b3bnsvkbq
MD5

bf7c91a40ae1aaa3e7537aaf156780f3
SHA1

ace8ec14125ae7320c4efdfc89a82e0e3d2db91f
SHA256

c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3
SHA512

edcfe353a5cf1a3cc3bf78b60df950defd86a5f1d255ef74c17ea916f2c9bc4fe65e4c2a607a3bd7f7abd7ad2c59dfc18c45269c43000a23dffca083859feeb6

Score

8^/10

discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

settings.json

Resource

win10v2004-20250217-en

discovery spyware stealer

windows10-2004-x64

27 signatures

900 seconds

Malware Config

Targets

- Target
  
  settings.json
- Size
  
  159B
- MD5
  
  bf7c91a40ae1aaa3e7537aaf156780f3
- SHA1
  
  ace8ec14125ae7320c4efdfc89a82e0e3d2db91f
- SHA256
  
  c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3
- SHA512
  
  edcfe353a5cf1a3cc3bf78b60df950defd86a5f1d255ef74c17ea916f2c9bc4fe65e4c2a607a3bd7f7abd7ad2c59dfc18c45269c43000a23dffca083859feeb6
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Network Service Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

© 2018-2025

Terms | Privacy