predatorstealer | 51b075e7b8e4cdc4fbfbc0975f314c8dbe132708cf4bfd401309211f6e305ba9 | Triage

Submit
Reports

Overview

overview

Static

static

VXtAzooiE.exe

windows10-2004-x64

Sharing

General

Target

VXtAzooiE.exe
Size

536KB
Sample

240504-s19ryahh8s
MD5

35a56e5bb4edb4c6a9ea41f6a0dd12e6
SHA1

21b771f649d8481f3d192723e46c1cfe344cfd98
SHA256

51b075e7b8e4cdc4fbfbc0975f314c8dbe132708cf4bfd401309211f6e305ba9
SHA512

3b8583c55516b61ed9bf129e048b8cee46e1767ce8b0a19ea13361fa25e605b7d297adaa953b440f42366c964ea54aaa8b2fe7daa4affdc3d2779840fec677c6
SSDEEP

6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUt:OPw2PjCLe3a6Q70zbYow60t

Score

10^/10

predatorstealer collection discovery persistence spyware stealer

Static task

static1

predatorstealer

2 signatures

Behavioral task

behavioral1

Sample

VXtAzooiE.exe

Resource

win10v2004-20240226-en

predatorstealer collection discovery persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

predatorstealer

C2

http://unseamed-semaphore.000webhostapp.com/

Targets

- Target
  
  VXtAzooiE.exe
- Size
  
  536KB
- MD5
  
  35a56e5bb4edb4c6a9ea41f6a0dd12e6
- SHA1
  
  21b771f649d8481f3d192723e46c1cfe344cfd98
- SHA256
  
  51b075e7b8e4cdc4fbfbc0975f314c8dbe132708cf4bfd401309211f6e305ba9
- SHA512
  
  3b8583c55516b61ed9bf129e048b8cee46e1767ce8b0a19ea13361fa25e605b7d297adaa953b440f42366c964ea54aaa8b2fe7daa4affdc3d2779840fec677c6
- SSDEEP
  
  6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUt:OPw2PjCLe3a6Q70zbYow60t
Score

10^/10

predatorstealer collection discovery persistence spyware stealer
- PredatorStealer
  Predator is a modular stealer written in C#.
  stealer predatorstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

predatorstealer

behavioral1

predatorstealercollectiondiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy