Overview

overview

10

Static

static

10

2025-03-02...ch.exe

windows7-x64

1

2025-03-02...ch.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-02_97935ff63542a503d68440d9f8afa689_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch

  • Size

    20.3MB

  • Sample

    250302-cgvkxazybz

  • MD5

    97935ff63542a503d68440d9f8afa689

  • SHA1

    34dd9b79772375b377f52d8f7535764b8a9e7215

  • SHA256

    ef4562b7fca6955585eb618647a662fff7cc8e01489166d17f2cbb5d00652ef8

  • SHA512

    f183c66d4f01be3e8864d84ae1f210ea6b206b8734791f911711039e163e06a46661c0c7ff4e9e52ec01abf53d98f8b89060dcdee1f2121fefdac40a88e82f2c

  • SSDEEP

    393216:4qiiuRZc4JPVC0FlcfPat38i08go0K5Y:EiuJJPVC0Mfet0K

Score
10/10
hackbrowserdatacredential_accessdefense_evasiondiscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      2025-03-02_97935ff63542a503d68440d9f8afa689_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch

    • Size

      20.3MB

    • MD5

      97935ff63542a503d68440d9f8afa689

    • SHA1

      34dd9b79772375b377f52d8f7535764b8a9e7215

    • SHA256

      ef4562b7fca6955585eb618647a662fff7cc8e01489166d17f2cbb5d00652ef8

    • SHA512

      f183c66d4f01be3e8864d84ae1f210ea6b206b8734791f911711039e163e06a46661c0c7ff4e9e52ec01abf53d98f8b89060dcdee1f2121fefdac40a88e82f2c

    • SSDEEP

      393216:4qiiuRZc4JPVC0FlcfPat38i08go0K5Y:EiuJJPVC0Mfet0K

    Score
    9/10
    credential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Enumerates VirtualBox DLL files

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Identifies Xen via ACPI registry values (likely anti-VM)

      defense_evasion

    • Looks for Parallels drivers on disk.

      defense_evasion

    • Looks for VirtualBox Guest Additions in registry

      defense_evasion

    • Looks for VirtualBox drivers on disk

      defense_evasion

    • Looks for VirtualBox executables on disk

    • Looks for VMWare Tools registry key

      defense_evasion

    • Looks for VMWare drivers on disk

      defense_evasion

    • Looks for VMWare services registry key.

      defense_evasion

    • Looks for Xen service registry key.

      defense_evasion

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Modify Authentication Process

1
T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

1
T1556

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Virtualization/Sandbox Evasion

12
T1497

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Modify Authentication Process

1
T1556

Steal Web Session Cookie

1
T1539

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

File and Directory Discovery

5
T1083

Peripheral Device Discovery

1
T1120

Query Registry

9
T1012

System Information Discovery

4
T1082

Virtualization/Sandbox Evasion

12
T1497

Lateral Movement

Collection

Data from Local System

2
T1005

Command and Control

Exfiltration

Impact

Tasks