9effd1d916479ebfecd12f3650088aae8883eb4929835c26fe2dd3c5b7351f04

Resubmissions

22-06-2024 13:26

240622-qp2k3szdjg 10

22-06-2024 13:22

240622-qmnw7szcle 10

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Size

280KB
MD5

681457fa460dff885eef657f166d5ef8
SHA1

44cac83393e0d6d083f0f2ae064090e2478f715b
SHA256

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
SHA512

369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
SSDEEP

6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
"C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe"
1⤵
- Checks processor information in registry
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3684,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8
1⤵
PID:4376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\_Files\_Information.txt
Filesize
1KB

MD5
d7773d3e77425e6259552b75aedd83fc

SHA1
286369825bfba080c057e7cb3434b7dabfaa45ee

SHA256
c708450b10dbe417e52d7bb3a931711a391034fc4c569cc5b037d7233de9c902

SHA512
6645d8bb56244f780f83288ec8eee698ea4f1df2f4c4d3745596298f198756db1e8f752b8841014f15a49ac886f92ec6dc646b387b7cf050a1a8c7a7a8cefc37

Download Submit
C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\_Files\_Information.txt
Filesize
7KB

MD5
850e501feb2b2db106aa0227bb93a160

SHA1
2503b55c4e16187601b9a0a495267285d30297ac

SHA256
be1f47b1ea15ef9faa284dcd9abbab3351b29620d3c15e86ee28d7bbfe9208b5

SHA512
c092fc223b7a67af0315b212ce1a1bd0f512108a9fa3d03e7c0a965ff84ab3ed172c2b7e526075ee4c1b23229b396ed343486e67d4a7c52cb3e084e1c1f7f8df

Download Submit
C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\_Files\_Screen_Desktop.jpeg
Filesize
50KB

MD5
bc269447ab9afee42505890d6b645725

SHA1
a9aaf68687860fc04b4ad005e90115f4929c9043

SHA256
05c21ebb5ce114356daae8447449d8443aaedf79b3275fa27652318ac00e3853

SHA512
7bfb0c507771e8a5277590c018aff7c3339a883086e4fc443e0e9f96135eea07046ead19c750fc10b50314cff8c6812dc88371df9ea26e0260752f5411ba0a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\qCahiZqyaO\wKjGmPYRgI.zip
Filesize
44KB

MD5
c4532bcb8a9a25a9ff069ac123973d0c

SHA1
4972a697ce3ed97365b0b13509745c01de8fa1b2

SHA256
cc6faa0a615f7c06699c133057e42271fbf00c7fdb081c5cb641ee93cbc63cdb

SHA512
e46c2c1ab285e83fe913dd91d6267a13257daad40ca9cee2e27afd57dde7a245c2af901e414d43281b4c486949ea5ab5f132588791864b53cccedaef7854aee4

Download Submit