a32250efbfc4908e976adcdbf2fb4612be812b16487707e6928baba12a90cbf0 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

update_temp.exe

windows7-x64

6

update_temp.exe

windows10-2004-x64

7

update_temp.exe

windows11-21h2-x64

7

Sharing

General

Target

update_temp.exe
Size

9.2MB
Sample

240701-cxtcsawhrn
MD5

a89f46c225d8026a0ee6a490ff7b6756
SHA1

3ba733b23f8d673693e9bc02832f1160688dff5f
SHA256

a32250efbfc4908e976adcdbf2fb4612be812b16487707e6928baba12a90cbf0
SHA512

83475eb64a2a88acfd66ea5191541fcff2cca41e78dc4c4b8b950a75ba89b317125d8f88d455a459970fbbd17b61070cf2bc1e6138649ce8d2e1591f18b4168c
SSDEEP

98304:73llhT92Nb71UTyIVJfOvn5Lp9+H+GtEiHWh0u1:zMUWcW5LG+Am

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

update_temp.exe

Resource

win7-20240508-en

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

update_temp.exe

Resource

win10v2004-20240508-en

spyware stealer

windows10-2004-x64

9 signatures

1800 seconds

Behavioral task

behavioral3

Sample

update_temp.exe

Resource

win11-20240611-en

spyware stealer

windows11-21h2-x64

9 signatures

1800 seconds

Malware Config

Targets

- Target
  
  update_temp.exe
- Size
  
  9.2MB
- MD5
  
  a89f46c225d8026a0ee6a490ff7b6756
- SHA1
  
  3ba733b23f8d673693e9bc02832f1160688dff5f
- SHA256
  
  a32250efbfc4908e976adcdbf2fb4612be812b16487707e6928baba12a90cbf0
- SHA512
  
  83475eb64a2a88acfd66ea5191541fcff2cca41e78dc4c4b8b950a75ba89b317125d8f88d455a459970fbbd17b61070cf2bc1e6138649ce8d2e1591f18b4168c
- SSDEEP
  
  98304:73llhT92Nb71UTyIVJfOvn5Lp9+H+GtEiHWh0u1:zMUWcW5LG+Am
Score

7^/10

spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy