da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7 | Triage

Submit
Reports

Overview

overview

Static

static

da67943221...e7.exe

windows7-x64

9

da67943221...e7.exe

windows10-2004-x64

9

Sharing

General

Target

da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7
Size

1.8MB
Sample

240701-dz1qbavdlh
MD5

e77d4b0c2c4675c1e8e7589fb195f1a8
SHA1

bf689b569d4cd427e76462deced12465a08724e5
SHA256

da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7
SHA512

e86b043f50cfe3ffa4bc535fd90a27a75ee08463d35ea6bbe791335842c8298f6e6aa5d68b7fcc6ba8430438be219bc8078b3bfc198619a26b1dc8e85eafa5bd
SSDEEP

49152:VVvHcjm2XthXr+JpSEBfz8leToZ7Ji+90GcC3lu77IB:TvHSbtR88e8PyGcC3A7UB

Score

10^/10

persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7.exe

Resource

win7-20240221-en

persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7.exe

Resource

win10v2004-20240508-en

persistence spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7
- Size
  
  1.8MB
- MD5
  
  e77d4b0c2c4675c1e8e7589fb195f1a8
- SHA1
  
  bf689b569d4cd427e76462deced12465a08724e5
- SHA256
  
  da6794322173ed75d83002265cd1677e453d5c01999dee040ac3db21851a51e7
- SHA512
  
  e86b043f50cfe3ffa4bc535fd90a27a75ee08463d35ea6bbe791335842c8298f6e6aa5d68b7fcc6ba8430438be219bc8078b3bfc198619a26b1dc8e85eafa5bd
- SSDEEP
  
  49152:VVvHcjm2XthXr+JpSEBfz8leToZ7Ji+90GcC3lu77IB:TvHSbtR88e8PyGcC3A7UB
Score

9^/10

persistence spyware stealer
- Detects executables containing possible sandbox analysis VM usernames
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy