Overview

overview

8

Static

static

ec72a93f62...ee.exe

windows7_x64

8

ec72a93f62...ee.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec72a93f6279b16006f2196f330166ee.exe

  • Size

    4.9MB

  • Sample

    210928-g8cxdsahem

  • MD5

    ec72a93f6279b16006f2196f330166ee

  • SHA1

    74b4d4a19500d3644a6a4f523ad7d4adcb1ace6f

  • SHA256

    4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d

  • SHA512

    3c0b595d905e8d6f83b82d769415bc257eaf514832575674179720b8486dccd5df24c0ff9a789498f76c388bfc5048fa56c0569d2342277c159262ca58ecf0ad

Score
8/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      ec72a93f6279b16006f2196f330166ee.exe

    • Size

      4.9MB

    • MD5

      ec72a93f6279b16006f2196f330166ee

    • SHA1

      74b4d4a19500d3644a6a4f523ad7d4adcb1ace6f

    • SHA256

      4340bc1e1ddb5d268a010401be96435063de733a2601d158d13f56da9f20df5d

    • SHA512

      3c0b595d905e8d6f83b82d769415bc257eaf514832575674179720b8486dccd5df24c0ff9a789498f76c388bfc5048fa56c0569d2342277c159262ca58ecf0ad

    Score
    8/10
    discoveryspywarestealer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks