General

  • Target: 9c6a1317b6ddf6c11ec34f3e3240b3c7.bin
  • Size: 90KB
  • Sample: 240701-c8ry4atenh
  • MD5: 9c6a1317b6ddf6c11ec34f3e3240b3c7
  • SHA1: dfe8c4b0bce6a48bf4ed21fdab8c4b5e9c59d2ce
  • SHA256: 947ae5e40254363d6bdf8007a5aaffe43a8fc43c5ae4608192c9ea248459baca
  • SHA512: 7850cd937d85d1efdfb87963571ec9d94d8cc9f840f76a07c5b1d3fb669ec25b644ce1c14c1cdcc9e0c14a4814412e3c9b29b38cf372038499d0f05071187575
  • SSDEEP: 1536:CemCP8Y1B61HXMC6SBizXyTGqymzUr2ovP0aTh/Ld63qSMZNWWZUVVvVSP4hn4vF:rp1BO8IWCGqPzUrTvRdOqSuajoPnF

Malware Config

Targets

  Target 1

    • Target: bea95bebec95e0893a845f62e832d7cf.exe.ViR
    • Size: 100KB
    • MD5: bea95bebec95e0893a845f62e832d7cf
    • SHA1: 5f1f00e5ec9f2749bd0a9b86d15c16c1060f6325
    • SHA256: 4de43073c112cf665ab5c3c930fedb747c435625c93b3775a4b2da5f7e736733
    • SHA512: 8c29f6535faaccf0a2fbd7f649fc01006ea673b3b12a3e50f97aafa9313ae5371e11be9b545c6a768270abe63fb865c52ba0944730b741186b721c9bf0a08e8a
    • SSDEEP: 1536:6pgpHzb9dZVX9fHMvG0D3XJcMZxshYdgOzLXehOTJHCyScYFwv5SZUsZMegnT8:4gXdZt9P6D3XJcMXhWaJi7maRgo

    Signatures:

    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

  Target 2

    • Target: $TEMP/mcwsazmq.exe
    • Size: 52KB
    • MD5: 0873780720fd754eaf235d73916adb56
    • SHA1: 49144dbbe672b2eb5ad37690889e9fa50e486497
    • SHA256: c44a22c3498393a89472f0cbc49d65813ce190da040f41b66acd042669652e5f
    • SHA512: 91dd10488f78a4d2bfbca27522e47d2ca346dd5faf6cc3b39421a0d23a573ecb2ecae9e89857e0bbae2f31c6ca8ba84a0c413217bd31fbc915f058fd47444ea2
    • SSDEEP: 384:irEqWWO2kBRr0ZmJ8ZbhhVdVszow6smgbfRv:p0qBRQZm03dVwfmIv

    Signatures:

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic, then technique (ID) and the number of matched signatures:

  • Persistence
    • Boot or Logon Autostart Execution (T1547), count 2
    • Registry Run Keys / Startup Folder (T1547.001), count 2
  • Privilege Escalation
    • Boot or Logon Autostart Execution (T1547), count 2
    • Registry Run Keys / Startup Folder (T1547.001), count 2
  • Defense Evasion
    • Modify Registry (T1112), count 4
  • Credential Access
    • Unsecured Credentials (T1552), count 2
    • Credentials In Files (T1552.001), count 2
  • Discovery
    • System Information Discovery (T1082), count 1
  • Collection
    • Data from Local System (T1005), count 2

Tasks