9effd1d916479ebfecd12f3650088aae8883eb4929835c26fe2dd3c5b7351f04

Resubmissions

22-06-2024 13:26

240622-qp2k3szdjg 10

22-06-2024 13:22

240622-qmnw7szcle 10

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Size

280KB
MD5

681457fa460dff885eef657f166d5ef8
SHA1

44cac83393e0d6d083f0f2ae064090e2478f715b
SHA256

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
SHA512

369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
SSDEEP

6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
"C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe"
1⤵
- Checks processor information in registry
PID:4312

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\FwAoEZesdnBE.zip
Filesize
47KB

MD5
a6f2e3b9c4ad6d7c7d3715fc24b59153

SHA1
9eef2e39242af75aa62ac5023ae20a99fc6caa89

SHA256
004abde52772d69934ebf4b4523ff469d2e9dfeb46738ce7c6d5b328300dbc6b

SHA512
61de872d1d8628fa2d5a7a5c5ec870c75bff1729e946f307c7e2980d4c125af35cfbb4a8233fa823cdd88bbd5df38d861f8701e970a3b3d73735a87406d0cd73

Download Submit
C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\_Files\_Information.txt
Filesize
1KB

MD5
db1bd3b75b90755125c073ff512a1942

SHA1
59a7ce1ebf1192035329676cbc942e5e30d6825d

SHA256
d8b4735754b73b90da12834d57e910858f124d19b923578abe48a3e17792c88e

SHA512
656c1a035338b017bd7f11e8783678f9fb5ac283e67bde6d0229e0140566d885c1931c74f35ac78891b7f01b7299b75eea0fe6bfe5aa5f01fefee2085ad30096

Download Submit
C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\_Files\_Information.txt
Filesize
1KB

MD5
6df89ee66099bdda3c7ac362e8519791

SHA1
14f747816d864e52906e6e5767cb117c0ef2bcb7

SHA256
b959e0e87b40356818ee4141596fa51d33b4f4bb17d6b5d65b24ed9d9afc90d0

SHA512
e4b59c555a91c725644ad7896f577eae6575e34555e9c9333a75a64691e7a8c6f57d3b4676cdc37b6df48154f7e2c3481d4cf0e6616f3e48588a4362f243b6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\_Files\_Information.txt
Filesize
3KB

MD5
719c9207f310a20e0aedee74ac5c4f8e

SHA1
8d1478b8d92d1d3dbf78402146df741dc10248a6

SHA256
14d043b97cbd7275bf9c07535d8c6da15ca6fa8f7fff7ea3fa4297d1192a0b1c

SHA512
24429841fdfb84d0dd4d29251d215c72a28fac22c7aae273960c252f1eeb73d6d5fcc9ef6cf0fa974c87466f3e4422b3916c210da6de10ed89e18fdf705f6a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\_Files\_Information.txt
Filesize
3KB

MD5
28589bf13140eff393fc7fc3e8754029

SHA1
2a17d849c8192bae2cdc86dec3cd685515414a84

SHA256
4762413b77ffac04b5af6f42971d6c48c20fefc06d9120d0a50a346c4b14e51f

SHA512
4908f72d81cdb07a452c5cc24f2c1ad4a3df068b35367129d2d0ba5f7499a241e4df325ebd413e770b824ec31e87867d50e36707f6abd587b52b07d8dd032f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\_Files\_Information.txt
Filesize
5KB

MD5
56fcd8ebaafa0553c865b55bf56e5b80

SHA1
58decd0b8a99cd994b23b6ba967bc39037af538e

SHA256
bbe6349449300bd84c5929258b4bc8d67710ec41053e1895809755b99b6bcba2

SHA512
b5f61fbd44114b2709c1b6947e1cd42b0a6b46400688f615fc108eab638e2bd053013c008b7b1ed241d4e2ca46cad437f1d65d54dbef14f50a62482884a01d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\liqWJFKElRlYo\_Files\_Screen_Desktop.jpeg
Filesize
53KB

MD5
0bc6a56b9e5c835bbdf5770d4ca173c2

SHA1
a08cd07f3d01d722e8dfcdae66c28f21486c73c6

SHA256
4cc8231b5e20379c764470872d2d5fd423615f25f097379dd93abd604fcd1df9

SHA512
71bdf817e94a0a41ea0257e9d3e8daa65e6a4f0b47d37e6331195687ddb49e154f68ec1c03d3fc8bccda21bca4dff1f72fe90b721e3ce97fedbeb9e3507ebe14

Download Submit