predatorstealer | bceb7feb4613ac228f25eb96d6b4d5f41bd1d94642b0e131a6fea147c4121c39 | Triage

Submit
Reports

Overview

overview

Static

static

9f2a970442...b7.exe

windows7-x64

9f2a970442...b7.exe

windows10-2004-x64

Sharing

General

Target

11271592606.zip
Size

211KB
Sample

230728-2j9kaaaa45
MD5

0650df7c8710e8903b90425d0751424c
SHA1

d7ce1fcbc41c4477fcd83e6ec4a9cb951aa19996
SHA256

bceb7feb4613ac228f25eb96d6b4d5f41bd1d94642b0e131a6fea147c4121c39
SHA512

53626049eb026aec3a62339042c9aba6a5ac7aec4080b295b0de05e29041cd2275609c00124dd2c95fe7ca059cdf87739f27b9a64de96fe065bb1ae21e2a61e6
SSDEEP

6144:uLdEPqIAIpADhgtPF0SKdvTnVW/ag+EJ5Ps:g/xIp+fvoCg+kK

Score

10^/10

predatorstealer collection discovery persistence spyware stealer

Static task

static1

predatorstealer

2 signatures

Behavioral task

behavioral1

Sample

9f2a970442b3b9551f3fc534f19b989cb24c652ca5ac2e4eea515ac6b91bf0b7.exe

Resource

win7-20230712-en

predatorstealer collection discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f2a970442b3b9551f3fc534f19b989cb24c652ca5ac2e4eea515ac6b91bf0b7.exe

Resource

win10v2004-20230703-en

predatorstealer collection discovery persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

predatorstealer

C2

http://www.trackingafrica.net/cgi-admin/

Targets

- Target
  
  9f2a970442b3b9551f3fc534f19b989cb24c652ca5ac2e4eea515ac6b91bf0b7
- Size
  
  536KB
- MD5
  
  ce0d92e0c437b96373597ed18de7324e
- SHA1
  
  1695af76eda0e99b5159db064557f7c6dbd493c5
- SHA256
  
  9f2a970442b3b9551f3fc534f19b989cb24c652ca5ac2e4eea515ac6b91bf0b7
- SHA512
  
  75e6f2060c0ec516107c6987763bd90befe6cb65d97aa315d0ddd1f71c80454aed9fe5f96f1bb7e43e57470faf0583028f2562dbc3bbb9cb52f1136fc4b41226
- SSDEEP
  
  6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUR:OPw2PjCLe3a6Q70zbYow60R
Score

10^/10

predatorstealer collection discovery persistence spyware stealer
- PredatorStealer
  Predator is a modular stealer written in C#.
  stealer predatorstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

predatorstealer

behavioral1

predatorstealercollectiondiscoverypersistencespywarestealer

behavioral2

predatorstealercollectiondiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy