b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

winprofile

windows7-x64

3

winprofile

windows10-1703-x64

7

Sharing

General

Target

b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1
Size

646KB
Sample

240701-fryxvsxbme
MD5

f687c1a1aba1626602fd229279f24c16
SHA1

00dd0e53b4bdb62c3e3a54a152581d34b345d70c
SHA256

b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1
SHA512

2ce6fb71c993e20bf2ff7b80feb66c59d0fd013e43e2b8c360151841ea29701a2612d0efa16356c2d53bca3e6335f7d0edadf38aab0b8a8ecac07685c37a8f29
SSDEEP

12288:gZ8zaXP1KYzfoQqCgun6lRmpifKKUaZgnNIYH5J+LvE004zb8:gI0P1XfinI6DvfKKUegNd/Ec004

Score

7^/10

discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1.exe

Resource

win7-20240508-en

windows7-x64

2 signatures

300 seconds

Behavioral task

behavioral2

Sample

b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1.exe

Resource

win10-20240404-en

discovery spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Targets

- Target
  
  b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1
- Size
  
  646KB
- MD5
  
  f687c1a1aba1626602fd229279f24c16
- SHA1
  
  00dd0e53b4bdb62c3e3a54a152581d34b345d70c
- SHA256
  
  b0aaacb6ed6e7800a9e260391e5871731fa59ce5e5abe65363ec8cbb6a4de3a1
- SHA512
  
  2ce6fb71c993e20bf2ff7b80feb66c59d0fd013e43e2b8c360151841ea29701a2612d0efa16356c2d53bca3e6335f7d0edadf38aab0b8a8ecac07685c37a8f29
- SSDEEP
  
  12288:gZ8zaXP1KYzfoQqCgun6lRmpifKKUaZgnNIYH5J+LvE004zb8:gI0P1XfinI6DvfKKUegNd/Ec004
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy