Analysis

  • max time kernel
    102s
  • max time network
    104s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250619-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250619-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    04/07/2025, 17:28

General

  • Target

    e9f127a4af5aa1728cd1ad9b24b98054685cf2792dae6ca8fd2723dbfec2f99e.exe

  • Size

    6.1MB

  • MD5

    cc0df839a2e9ff0bdf687417646589a5

  • SHA1

    ea74e5cad801405b21ab3e3de3f5f301a9b4f111

  • SHA256

    e9f127a4af5aa1728cd1ad9b24b98054685cf2792dae6ca8fd2723dbfec2f99e

  • SHA512

    45a6deb33511b66b89e99d47a5e41eb502e0ef17a87c386dc003784167dc306a9325cf2d99665dfcc15fa02ef05bca34849eb4e11e8591b3283d13428c85788a

  • SSDEEP

    98304:ALrSGpyK+Fnm8+GURyOFV0QNEfLwKPX5jwIQvMPoXlVcE48Z+:2S/Fm8+GURyO/gfNRjwPsorcE

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • GoLang User-Agent 1 IoCs

    Uses the default User-Agent that Go's net/http package sends when the program sets none (Go-http-client/1.1, or Go-http-client/2.0 over HTTP/2).

  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
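
The two network signatures above (Go default User-Agent, external IP lookup via a web service) are easy to hunt for in proxy logs. The following is an added example for this report, not sandbox output: it classifies constructed access-log lines and flags the combination the sample exhibits. The log format, the timestamps and the list of IP-lookup hosts are assumptions; the report does not name the service the sample contacted.

```python
"""Proxy-log detection for the two network signatures above: Go's default
User-Agent and a request to a public IP-lookup service.
Added example for this report; not sandbox output."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Go's net/http sends this User-Agent when the program sets none.
GO_DEFAULT_UA = re.compile(r"^Go-http-client/(?:1\.1|2\.0)$")

# Assumption: the report does not name the lookup service, so this is an
# illustrative list of common public IP-echo hosts; extend per environment.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "ipinfo.io", "checkip.amazonaws.com",
}

# Constructed log format: ts src method url status "user-agent"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass
class Hit:
    ts: str
    src: str
    host: str
    ua: str
    reason: str


def host_of(url: str) -> str:
    """Extract the host from an absolute URL (port, path and query stripped)."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.I)
    return (m.group(1) if m else url).lower()


def classify(line: str) -> Optional[Hit]:
    """Return a Hit when the line matches either signature, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ua, host = m["ua"], host_of(m["url"])
    go_ua = bool(GO_DEFAULT_UA.match(ua))
    lookup = host in IP_LOOKUP_HOSTS
    if go_ua and lookup:
        reason = "go-default-ua+ip-lookup"
    elif go_ua:
        reason = "go-default-ua"
    elif lookup:
        reason = "ip-lookup"
    else:
        return None
    return Hit(m["ts"], m["src"], host, ua, reason)


def scan(lines) -> List[Hit]:
    """All lines matching at least one signature."""
    return [h for h in map(classify, lines) if h is not None]


def high_confidence(lines) -> List[Hit]:
    """Only hits where both signatures coincide, as in this sample."""
    return [h for h in scan(lines) if h.reason == "go-default-ua+ip-lookup"]


# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    '2025-07-04T17:28:10Z 10.0.0.5 GET https://api.ipify.org/?format=text 200 "Go-http-client/1.1"',
    '2025-07-04T17:28:11Z 10.0.0.5 GET https://example.com/update 200 "Go-http-client/1.1"',
    '2025-07-04T17:28:12Z 10.0.0.7 GET https://ifconfig.me/ip 200 "curl/8.4.0"',
    '2025-07-04T17:28:13Z 10.0.0.8 GET https://www.microsoft.com/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    "malformed line that should be ignored",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.ts} {h.src} -> {h.host} [{h.reason}] ua={h.ua!r}")
```

The Go default User-Agent alone is noisy in environments that run legitimate Go tooling, so treat `go-default-ua` as context and alert on `high_confidence()`, where the same client both presents the default Go User-Agent and asks an external service for its public IP.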

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9f127a4af5aa1728cd1ad9b24b98054685cf2792dae6ca8fd2723dbfec2f99e.exe
    "C:\Users\Admin\AppData\Local\Temp\e9f127a4af5aa1728cd1ad9b24b98054685cf2792dae6ca8fd2723dbfec2f99e.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:5508
    • C:\Users\Admin\AppData\Roaming\vV7D532D\vV7D53.exe
      C:\Users\Admin\AppData\Roaming\vV7D532D\vV7D53.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      PID:5096

Network

Downloads

  • C:\Users\Admin\AppData\Roaming\vV7D532D\vV7D53.exe

    Filesize

    14.6MB

    MD5

    4673c97243be48ddde7dae61e37d62a6

    SHA1

    c4b10fde5483d981bbe1bf6e6a5edef0e499976b

    SHA256

    12856be58f708375377b7512353eb233e86064c5fe29c56eac3336690bc3a270

    SHA512

    697a13eb788a7c7a2331814ca72100f65258c15e00157b5f8df48033746de14969d8cb250ba372548eae03474f864516e7164bf6ac15f35b7a39802379160854
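
The hashes above (submitted sample and the dropped vV7D53.exe) are the file-level IOCs a responder would sweep endpoints for. The following is an added example for this report, not sandbox output: a single-pass hasher and a recursive sweep over the locations the process tree points at (the user's Roaming profile, the Temp folder and the per-user Startup folder). The hash values are copied from the report; the directory list and the sample file in the usage path are assumptions.

```python
"""Hash-based IOC sweep for the submitted sample and the dropped payload.
Added example for this report; not sandbox output."""
import hashlib
import os
from pathlib import Path
from typing import Dict, List, Tuple

# Hashes as listed in the report: the submitted sample and the dropped EXE.
IOC_SHA256: Dict[str, str] = {
    "e9f127a4af5aa1728cd1ad9b24b98054685cf2792dae6ca8fd2723dbfec2f99e": "initial sample",
    "12856be58f708375377b7512353eb233e86064c5fe29c56eac3336690bc3a270": "dropped vV7D53.exe",
}
IOC_MD5: Dict[str, str] = {
    "cc0df839a2e9ff0bdf687417646589a5": "initial sample",
    "4673c97243be48ddde7dae61e37d62a6": "dropped vV7D53.exe",
}


def hash_file(path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA1 and SHA256 in a single pass over the file."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def default_roots() -> List[str]:
    """Locations the process tree points at: Roaming (dropped EXE dir), Temp
    (initial sample) and the per-user Startup folder. Assumed list; returns
    only the ones that exist on this host."""
    appdata = os.environ.get("APPDATA", "")
    local = os.environ.get("LOCALAPPDATA", "")
    candidates = [
        appdata,
        os.path.join(local, "Temp"),
        os.path.join(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup"),
    ]
    return [c for c in candidates if c and os.path.isdir(c)]


def sweep(roots, sha256_iocs=IOC_SHA256, md5_iocs=IOC_MD5) -> List[Tuple[str, str, str]]:
    """Walk roots recursively; return (path, sha256, label) for every IOC match.
    A file reachable from two overlapping roots is reported once."""
    hits: List[Tuple[str, str, str]] = []
    seen = set()
    for root in roots:
        for p in sorted(Path(root).rglob("*")):
            key = str(p)
            if key in seen or not p.is_file():
                continue
            seen.add(key)
            try:
                d = hash_file(p)
            except OSError:  # locked or unreadable file: skip, keep sweeping
                continue
            label = sha256_iocs.get(d["sha256"]) or md5_iocs.get(d["md5"])
            if label:
                hits.append((key, d["sha256"], label))
    return hits


if __name__ == "__main__":
    for path, sha256, label in sweep(default_roots()):
        print(f"MATCH {label}: {path} sha256={sha256}")
```

SHA256 is the primary key and MD5 only a fallback for feeds that carry nothing else; a match on either is reported with the report's label so the responder knows which stage of the chain the file belongs to. Run it as the affected user, since the roots are resolved from that user's environment.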