9effd1d916479ebfecd12f3650088aae8883eb4929835c26fe2dd3c5b7351f04

Resubmissions

22-06-2024 13:26

240622-qp2k3szdjg 10

22-06-2024 13:22

240622-qmnw7szcle 10

Analysis

max time kernel
148s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-06-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Size

280KB
MD5

681457fa460dff885eef657f166d5ef8
SHA1

44cac83393e0d6d083f0f2ae064090e2478f715b
SHA256

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
SHA512

369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
SSDEEP

6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
"C:\Users\Admin\AppData\Local\Temp\381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe"
1⤵
- Checks processor information in registry
PID:5012

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\_Files\_Information.txt
Filesize
1KB

MD5
2041b3ea4c4ddcfa79f4a4d92b9655e6

SHA1
33878b886c82c9f94c21989d98fa9506fecb4325

SHA256
addc8a995595aa4b904b09d8f1a379c4f24cc9da90e259526b135d00250e812f

SHA512
8b1a357aeb437979a539433466d810799f85e1517704a034ec541d7a0105c807926522b2a0c376f4bd1d66d034ef18b809df58b271522cece5cba18b5da356ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\_Files\_Information.txt
Filesize
2KB

MD5
4935044a63505849f40af8c7f396792f

SHA1
35e2ca61ba32b1c67cb9f81827a2fb0d4275ea70

SHA256
8d3546ba2f5fad4033268d3156de75beaffb59ac03d63c4aac0dc374a1a89563

SHA512
82427512ad51464b1f3692f3241eac7210ee8a06979aef27d833e859e556f9f3c0fb73c42c24d1fbc676cac77202efa27d45e3adfa5a1495eac30f75383acc5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\_Files\_Information.txt
Filesize
5KB

MD5
a53e4bbb42bc309608f4f113116a30f3

SHA1
7487e4226906a50e1794e471dc5432105d212dcd

SHA256
594826a0cbbc2e331078fe9762e082ae0f18d77e3fde8cac35e6865a46f38df6

SHA512
39f8431e5c8b310d7483435d7c6d35aa39853b687b327db669f237c6a2ac70ea02b96a62444ec4ff3befc38948a6a5201afeb3610c507a6bde936cf87d7f1856

Download Submit
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\feltjdEqsQ.zip
Filesize
43KB

MD5
c55e3eaf4d31a5bb64cf08ae5f092eb2

SHA1
1754354b682e4818942483551c65b22361f49518

SHA256
2bb69833a1a7bf5916d6dd12c6bbfb871c036fb5b0675d4dc93e374dbe6abea4

SHA512
4cf783c497b84b82760fb72a19510ade304d6ac6f8b95b4c81cf8a87cde43e3bbc1a963e29067456ce9841d48b8f8ecde690a9c705e7691e8dab7ee3fc904f5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\files_\screenshot.jpg
Filesize
49KB

MD5
b075a0c8bf65759edd43f5626d921e7d

SHA1
95c867fc3d5b3b5102aa4f9c4c6bcb5482f6db4e

SHA256
68b7aba78ed740766e5e70ead2c8076fedb01ebd6ade54c20fee9570e5e258a0

SHA512
bec1402477283b12dd862d09c0d4ef8e9ef5169c5fea76f279b0d5e1cca7e57c1257f2e30c92ad078bc4aa7fa476e0ad680f1aa740d101d58d6604ffe1116a63

Download Submit