Analysis
-
max time kernel
148s -
max time network
146s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted
22-06-2024 13:26
Behavioral task
behavioral1
Sample
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Resource
win10v2004-20240508-en
General
-
Target
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
-
Size
280KB
-
MD5
681457fa460dff885eef657f166d5ef8
-
SHA1
44cac83393e0d6d083f0f2ae064090e2478f715b
-
SHA256
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
-
SHA512
369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
-
SSDEEP
6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTP
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTP
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\_Files\_Information.txt
Filesize
1KB
MD5
2041b3ea4c4ddcfa79f4a4d92b9655e6
SHA1
33878b886c82c9f94c21989d98fa9506fecb4325
SHA256
addc8a995595aa4b904b09d8f1a379c4f24cc9da90e259526b135d00250e812f
SHA512
8b1a357aeb437979a539433466d810799f85e1517704a034ec541d7a0105c807926522b2a0c376f4bd1d66d034ef18b809df58b271522cece5cba18b5da356ec
-
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\_Files\_Information.txt
Filesize
2KB
MD5
4935044a63505849f40af8c7f396792f
SHA1
35e2ca61ba32b1c67cb9f81827a2fb0d4275ea70
SHA256
8d3546ba2f5fad4033268d3156de75beaffb59ac03d63c4aac0dc374a1a89563
SHA512
82427512ad51464b1f3692f3241eac7210ee8a06979aef27d833e859e556f9f3c0fb73c42c24d1fbc676cac77202efa27d45e3adfa5a1495eac30f75383acc5e
-
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\_Files\_Information.txt
Filesize
5KB
MD5
a53e4bbb42bc309608f4f113116a30f3
SHA1
7487e4226906a50e1794e471dc5432105d212dcd
SHA256
594826a0cbbc2e331078fe9762e082ae0f18d77e3fde8cac35e6865a46f38df6
SHA512
39f8431e5c8b310d7483435d7c6d35aa39853b687b327db669f237c6a2ac70ea02b96a62444ec4ff3befc38948a6a5201afeb3610c507a6bde936cf87d7f1856
-
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\feltjdEqsQ.zip
Filesize
43KB
MD5
c55e3eaf4d31a5bb64cf08ae5f092eb2
SHA1
1754354b682e4818942483551c65b22361f49518
SHA256
2bb69833a1a7bf5916d6dd12c6bbfb871c036fb5b0675d4dc93e374dbe6abea4
SHA512
4cf783c497b84b82760fb72a19510ade304d6ac6f8b95b4c81cf8a87cde43e3bbc1a963e29067456ce9841d48b8f8ecde690a9c705e7691e8dab7ee3fc904f5a
-
C:\Users\Admin\AppData\Local\Temp\hEfjSDygSX\files_\screenshot.jpg
Filesize
49KB
MD5
b075a0c8bf65759edd43f5626d921e7d
SHA1
95c867fc3d5b3b5102aa4f9c4c6bcb5482f6db4e
SHA256
68b7aba78ed740766e5e70ead2c8076fedb01ebd6ade54c20fee9570e5e258a0
SHA512
bec1402477283b12dd862d09c0d4ef8e9ef5169c5fea76f279b0d5e1cca7e57c1257f2e30c92ad078bc4aa7fa476e0ad680f1aa740d101d58d6604ffe1116a63