Analysis
- max time kernel: 144s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-06-2024 13:22
Behavioral task: behavioral1
- Sample: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
- Resource: win7-20240508-en
General
- Target: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
- Size: 280KB
- MD5: 681457fa460dff885eef657f166d5ef8
- SHA1: 44cac83393e0d6d083f0f2ae064090e2478f715b
- SHA256: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
- SHA512: 369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
- SSDEEP: 6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Malware Config
Signatures
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    (process: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
    (process: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe"
  - Checks processor information in registry
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3684,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\_Files\_Information.txt
  Filesize: 1KB
  MD5: d7773d3e77425e6259552b75aedd83fc
  SHA1: 286369825bfba080c057e7cb3434b7dabfaa45ee
  SHA256: c708450b10dbe417e52d7bb3a931711a391034fc4c569cc5b037d7233de9c902
  SHA512: 6645d8bb56244f780f83288ec8eee698ea4f1df2f4c4d3745596298f198756db1e8f752b8841014f15a49ac886f92ec6dc646b387b7cf050a1a8c7a7a8cefc37
- C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\_Files\_Information.txt
  Filesize: 7KB
  MD5: 850e501feb2b2db106aa0227bb93a160
  SHA1: 2503b55c4e16187601b9a0a495267285d30297ac
  SHA256: be1f47b1ea15ef9faa284dcd9abbab3351b29620d3c15e86ee28d7bbfe9208b5
  SHA512: c092fc223b7a67af0315b212ce1a1bd0f512108a9fa3d03e7c0a965ff84ab3ed172c2b7e526075ee4c1b23229b396ed343486e67d4a7c52cb3e084e1c1f7f8df
- C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\_Files\_Screen_Desktop.jpeg
  Filesize: 50KB
  MD5: bc269447ab9afee42505890d6b645725
  SHA1: a9aaf68687860fc04b4ad005e90115f4929c9043
  SHA256: 05c21ebb5ce114356daae8447449d8443aaedf79b3275fa27652318ac00e3853
  SHA512: 7bfb0c507771e8a5277590c018aff7c3339a883086e4fc443e0e9f96135eea07046ead19c750fc10b50314cff8c6812dc88371df9ea26e0260752f5411ba0a87
- C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\wKjGmPYRgI.zip
  Filesize: 44KB
  MD5: c4532bcb8a9a25a9ff069ac123973d0c
  SHA1: 4972a697ce3ed97365b0b13509745c01de8fa1b2
  SHA256: cc6faa0a615f7c06699c133057e42271fbf00c7fdb081c5cb641ee93cbc63cdb
  SHA512: e46c2c1ab285e83fe913dd91d6267a13257daad40ca9cee2e27afd57dde7a245c2af901e414d43281b4c486949ea5ab5f132588791864b53cccedaef7854aee4