cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6 | Triage

Submit
Reports

Overview

overview

Static

static

cda5836b6f...e6.exe

windows7-x64

9

cda5836b6f...e6.exe

windows10-2004-x64

9

Sharing

General

Target

cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6
Size

756KB
Sample

240701-dcmvyaxdpp
MD5

e32d2d072fda33166930996dc2a43420
SHA1

6fe1ecd953a8194d92c3f1b0864a23eae45e4b2a
SHA256

cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6
SHA512

ca1833840db692f747ae3d840c1c842964c619af0db27206d4bd7e9ce1821bb3bde437d6e2046af11e2e780c3475250fdd5d2a1c01f28efd6b14fdef212e0523
SSDEEP

12288:A//vi9B32pewJgj832UaMjNtYvWpKjaZZB+N7jvp76jWYu1uVgbqt/ctYvtf6Hp+:2wCv3HaMBtLpK6mdt76vVg+JctYIl4xr

Score

10^/10

persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6.exe

Resource

win7-20240508-en

persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6.exe

Resource

win10v2004-20240508-en

persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6
- Size
  
  756KB
- MD5
  
  e32d2d072fda33166930996dc2a43420
- SHA1
  
  6fe1ecd953a8194d92c3f1b0864a23eae45e4b2a
- SHA256
  
  cda5836b6fed840baf84ba54ed27a3451d1a278b0babf58a7c715be8e56ebce6
- SHA512
  
  ca1833840db692f747ae3d840c1c842964c619af0db27206d4bd7e9ce1821bb3bde437d6e2046af11e2e780c3475250fdd5d2a1c01f28efd6b14fdef212e0523
- SSDEEP
  
  12288:A//vi9B32pewJgj832UaMjNtYvWpKjaZZB+N7jvp76jWYu1uVgbqt/ctYvtf6Hp+:2wCv3HaMBtLpK6mdt76vVg+JctYIl4xr
Score

9^/10

persistence spyware stealer
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy