052e54df0b86483f84bbff6504e202c36e7bc25885e369e830dd7086fb7c7562 | Triage

Submit
Reports

Overview

overview

Static

static

076be2c09b...29.exe

windows11-21h2-x64

0fd2b5dba8...d1.exe

windows11-21h2-x64

131d6fb920...b1.exe

windows11-21h2-x64

1c133b9bb4...fd.exe

windows11-21h2-x64

30af8d3ec6...30.exe

windows11-21h2-x64

41c9d28653...f5.exe

windows11-21h2-x64

5a0daa24b5...1f.exe

windows11-21h2-x64

630efa1e2d...ad.exe

windows11-21h2-x64

651bc82076...73.exe

windows11-21h2-x64

677bea9e71...58.exe

windows11-21h2-x64

7afefba65e...bb.exe

windows11-21h2-x64

3

817c226e42...db.dll

windows11-21h2-x64

8

a925fc1289...42.exe

windows11-21h2-x64

7

b1c5fd5c0f...ae.exe

windows11-21h2-x64

f2923f695d...7d.msi

windows11-21h2-x64

f58d2071a2...e1.exe

windows11-21h2-x64

7

Analysis

max time kernel
423s
max time network
447s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
20-12-2023 01:43

Sharing

Static task

static1

upx @esaymane redline zgrat pandastealer kutaki sectoprat

14 signatures

Behavioral task

behavioral1

Sample

076be2c09b944ec56381f42405728f7f657d2597b6e27191354568fb70170b29.exe

Resource

win11-20231215-en

windows11-21h2-x64

12 signatures

600 seconds

Behavioral task

behavioral2

Sample

0fd2b5dba8eb6762b397cf61bd9c2ff9de3eefc8eb8c4cbb1002d1b9c96fe5d1.exe

Resource

win11-20231215-en

rhadamanthys zgrat rat stealer upx

windows11-21h2-x64

19 signatures

600 seconds

Behavioral task

behavioral3

Sample

131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe

Resource

win11-20231215-en

cryptbot spyware stealer

windows11-21h2-x64

2 signatures

600 seconds

Behavioral task

behavioral4

Sample

1c133b9bb476879df8145370ce1069ec92f28cade85a839e0159158a3e1b1afd.exe

Resource

win11-20231215-en

redline zgrat infostealer rat

windows11-21h2-x64

5 signatures

600 seconds

Behavioral task

behavioral5

Sample

30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030.exe

Resource

win11-20231215-en

shurk infostealer spyware stealer

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral6

Sample

41c9d28653704e628d8dd20e5f65a298242072156a31bc5fe0e24a1f4c640af5.exe

Resource

win11-20231215-en

kutaki keylogger stealer

windows11-21h2-x64

8 signatures

600 seconds

Behavioral task

behavioral7

Sample

5a0daa24b5748d81ba0bb78d7f2b50eb4c387ffe679c92c1462f7dec586adb1f.exe

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral8

Sample

630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad.exe

Resource

win11-20231215-en

predatorstealer collection persistence spyware stealer

windows11-21h2-x64

13 signatures

600 seconds

Behavioral task

behavioral9

Sample

651bc82076659431e06327aeb3aacef2c30bf3cfd43ae4f9bc6b4222f15bb673.exe

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral10

Sample

677bea9e71aa3a56fe62a20580eb0786431a4789cb340a7294eb243054191c58.exe

Resource

win11-20231215-en

redline sectoprat @esaymane infostealer rat trojan

windows11-21h2-x64

4 signatures

600 seconds

Behavioral task

behavioral11

Sample

7afefba65e72f42925ba76fae9ea98286eff7d0d01dcccd07c6117384858b6bb.exe

Resource

win11-20231215-en

windows11-21h2-x64

1 signatures

600 seconds

Behavioral task

behavioral12

Sample

817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.dll

Resource

win11-20231215-en

windows11-21h2-x64

6 signatures

600 seconds

Behavioral task

behavioral13

Sample

a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142.exe

Resource

win11-20231215-en

spyware stealer

windows11-21h2-x64

1 signatures

600 seconds

Behavioral task

behavioral14

Sample

b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae.exe

Resource

win11-20231215-en

windows11-21h2-x64

12 signatures

600 seconds

Behavioral task

behavioral15

Sample

f2923f695dc02132cea5c0241060dba9a35d317342675118f7b22288e78cee7d.msi

Resource

win11-20231215-en

predatorstealer collection persistence spyware stealer

windows11-21h2-x64

19 signatures

600 seconds

Behavioral task

behavioral16

Sample

f58d2071a2fdaea27d814e788e002fe5da63843546f22c255eceade162323ce1.exe

Resource

win11-20231215-en

windows11-21h2-x64

8 signatures

600 seconds

Report Analysis Logs

General

Target

a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142.exe
Size

101KB
MD5

9618523352c980cc2fdb2533e16d7b08
SHA1

c518747935e16bfa8b7e8bedb38fc37d7afa386d
SHA256

a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142
SHA512

cb68601b5f3a808b6a8a2f90b386293ba21b13ac15981ea20abd03324f2d6cb1922b2425d5fa4b66a0ab5603843dc73ee14b62c1f8206bd58569a0441a097551
SSDEEP

1536:8uxpMqqU+NV2I8ShQEBpFiAVMS4O8gOkfDiGyIUt39p3VbWL8:8iMqqDLn8SuUKIMS42fDiGyIW9dVo8

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Processes

C:\Users\Admin\AppData\Local\Temp\a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142.exe
"C:\Users\Admin\AppData\Local\Temp\a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142.exe"
1⤵
PID:4524

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4524-0-0x00000000005A0000-0x00000000005C0000-memory.dmp

Filesize
128KB

Download
memory/4524-1-0x00000000751C0000-0x0000000075971000-memory.dmp

Filesize
7.7MB

Download
memory/4524-3-0x00000000055E0000-0x0000000005646000-memory.dmp

Filesize
408KB

Download
memory/4524-2-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/4524-9-0x00000000057F0000-0x000000000588C000-memory.dmp

Filesize
624KB

Download
memory/4524-13-0x00000000751C0000-0x0000000075971000-memory.dmp

Filesize
7.7MB

Download
memory/4524-14-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download

© 2018-2024

Terms | Privacy