33668692ad696856f95471e2b2834d75ff6ab285fe1a5d9098d340362e127454 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

WinThruster/En.chm

windows7-x64

1

WinThruster/En.chm

windows10-2004-x64

1

WinThruste...ge.url

windows7-x64

6

WinThruste...ge.url

windows10-2004-x64

3

WinThruste...ns.exe

windows7-x64

7

WinThruste...ns.exe

windows10-2004-x64

7

WinThruste...er.exe

windows7-x64

7

WinThruste...er.exe

windows10-2004-x64

7

WinThruste...e3.dll

windows7-x64

3

WinThruste...e3.dll

windows10-2004-x64

3

WinThruste...00.exe

windows7-x64

7

WinThruste...00.exe

windows10-2004-x64

7

Sharing

General

Target

b2f547ccd7c5b9990bf95ee054717a6e.bin
Size

7.1MB
Sample

240701-dpby7sxglq
MD5

b2f547ccd7c5b9990bf95ee054717a6e
SHA1

8c7c965c5a69f56b419834cdea0e5fa64447fb4a
SHA256

33668692ad696856f95471e2b2834d75ff6ab285fe1a5d9098d340362e127454
SHA512

9cee343b1ec132cb4fb3b0dd3889bc94186f22057e668a15c12aeb1c80e5d3ea598776805a5737e2f00626e35796517cde9141cde0b7b80fd0776900477d26c0
SSDEEP

196608:vZdmQFFxXJhg4Wps/D6YnSCT7Ucn2jzlpn0XEB34JOrMLij:v3vb9Jh8a/XSCT7vnkt0XEBoJefj

Score

7^/10

discovery evasion spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

WinThruster/En.chm

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

WinThruster/En.chm

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

WinThruster/HomePage.url

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

WinThruster/HomePage.url

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

WinThruster/WTNotifications.exe

Resource

win7-20240419-en

discovery spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral6

Sample

WinThruster/WTNotifications.exe

Resource

win10v2004-20240226-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral7

Sample

WinThruster/WinThruster.exe

Resource

win7-20240508-en

spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral8

Sample

WinThruster/WinThruster.exe

Resource

win10v2004-20240508-en

spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral9

Sample

WinThruster/sqlite3.dll

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

WinThruster/sqlite3.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral11

Sample

WinThruster/unins000.exe

Resource

win7-20240508-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral12

Sample

WinThruster/unins000.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  WinThruster/En.chm
- Size
  
  31KB
- MD5
  
  724cf2afeefd842a815669062aa16cb9
- SHA1
  
  3e2f911d81322f5eafe51a230b2b523880a185ec
- SHA256
  
  cd5713c1e3320de532c28b46b717fca625505022913b260ff0baf8bb89dd6e20
- SHA512
  
  16566d7140e6b9c18c9a828771db0dd1b92558d4e2f5b34e5c824f45c5114d614e943d021d801ec09f50572a7ece94cfb49f7b6a453f95331321005062221a89
- SSDEEP
  
  384:Gq9OmDIGVxnqo6UvYqBbmoZcKNbuOS1MX0jW6ciPZHRWcN/LxUkM8oJx+ob:GYSGVxqEjcKNiT1fW6p9Qc9jMnD+ob
Score

1^/10
behavioral1 behavioral2
- Target
  
  WinThruster/HomePage.url
- Size
  
  65B
- MD5
  
  456529ff5b26d7914403289956523ee5
- SHA1
  
  ce17c42ba1c3aa90eacde992f33ac1654b3f7583
- SHA256
  
  74c7175c6d1ba8416f2784f0b33f8bc115bd01cd9cd8c170254f83798cc986e6
- SHA512
  
  9004567377137b2123dec4f6b18fee72fbf06d5566e41b0e8eb344b13b6d6e23c633c54598d26687bb4a19aabc30b877e69d53f35fab36ee4fb78b48b77d0387
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  WinThruster/WTNotifications.exe
- Size
  
  5.0MB
- MD5
  
  345e6d136cfac7ac714b656edc79fbac
- SHA1
  
  fbe6652820b56b6bd60b3d9c4576d675bba9bb80
- SHA256
  
  7b651e5314f37d4549b32d8d31f2a5e1a8f7009a0586d6a18e2d6e89af409c17
- SHA512
  
  14eda77de0540d6733d65bbdcd9f784c0af839029db3e0cd4df82b47c4c5e65b6fac7f0d6f7e600b6672fe43cfcca4b8a770e96341c1db6d4e0bca68caf4c176
- SSDEEP
  
  98304:2ytMqwN4peTJrIrJ79BOL2v8lZwFRdpOJ9RD2Fp/p:k4kOELZ/ApOXRD2L/p
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  WinThruster/WinThruster.exe
- Size
  
  10.3MB
- MD5
  
  89b970cb172b86730c76c3df31551767
- SHA1
  
  0ae55b3a41e4fc1c3074dbb738065ac4cd2309e5
- SHA256
  
  7e97fe6c675e5842f38514056b2c3c7a928185f4dd2cdd97cd0d0ee4d5d319fd
- SHA512
  
  18b0416e3120e1554845153f988a5757e3d03605e729450f93393611566cbc6f904b9acae6ffabafdef673c2d1b4b77fb688f27ab7437eec5428fb48aad246ba
- SSDEEP
  
  98304:RDw3Ni9wMMTis0Vu2KKHGAmm3X+A3G8ZyUC3EQED2enKAcOe9z3eH4l40Mffh/b:G3Ni9zzFmmBgUUk9MOe9yObMXh/b
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral7 behavioral8
- Target
  
  WinThruster/sqlite3.dll
- Size
  
  1.1MB
- MD5
  
  fdf0245a035f89de1af8a2091258c9ac
- SHA1
  
  78536c09808a207f45e901f14de5b038aabaede3
- SHA256
  
  6120e410ff9e5cad41b47cd5fcb23cc3f8bd8f505a86e158c578e15869489367
- SHA512
  
  4bd214bc4dbd749a429e1753c59c395344607884e20cfa3e1c0dde655e2c6c1e49ab5388e70112e83c7c71b005a985019e39bb00c1e5c1b8e90b5a3d6219e1c3
- SSDEEP
  
  24576:co0tp6E0MfgukNyOyf9OWCkdKkuyvrpSmgfWCpg7:co2ttkwBf9OFkskuyvrprF
Score

3^/10
behavioral10 behavioral9
- Target
  
  WinThruster/unins000.exe
- Size
  
  3.1MB
- MD5
  
  b0e00a066ca1d50cd7e20e89ae392070
- SHA1
  
  ca272060ab5cce765849e482f663d2d6d14cb8e9
- SHA256
  
  23ac412357b91ca18622d1e10762ef4aa6f056711bafd01f7ee5b989a2d1f599
- SHA512
  
  507026af984db33ab06477d17634bf9eb120c340e02049a9908380d175a77051e4c483f605b1015eea5f15a8808ab9b477f2e76f834272c346d0abb535e756ee
- SSDEEP
  
  49152:aEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVM3338O:q92bz2Eb6pd7B6bAGx7C333T
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

discoveryspywarestealer

behavioral6

discoveryspywarestealer

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

© 2018-2024

Terms | Privacy