ef2d13b1e43fdf1acd0237e797b43a88aef668c3160e054fb92cd8ae1dfb87ab | Triage

Sharing

General

Target

2024-04-28_4bc9ffb3e40815e89c46e511821a207b_bkransomware
Size

73KB
Sample

240428-l3p2zsdb62
MD5

4bc9ffb3e40815e89c46e511821a207b
SHA1

7dba7735b3a9b3534187975c4fa9cb87d1f11412
SHA256

ef2d13b1e43fdf1acd0237e797b43a88aef668c3160e054fb92cd8ae1dfb87ab
SHA512

14ecd188c3d9d262fd04c5d18e47a40c73d7d8f96735bc1ab7da3cda0bb260924f1a0262753a214fb0532460912a96f59c1858f2bef217625bae32f035080ae2
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTWB:ZRpAyazIliazTm

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_4bc9ffb3e40815e89c46e511821a207b_bkransomware
- Size
  
  73KB
- MD5
  
  4bc9ffb3e40815e89c46e511821a207b
- SHA1
  
  7dba7735b3a9b3534187975c4fa9cb87d1f11412
- SHA256
  
  ef2d13b1e43fdf1acd0237e797b43a88aef668c3160e054fb92cd8ae1dfb87ab
- SHA512
  
  14ecd188c3d9d262fd04c5d18e47a40c73d7d8f96735bc1ab7da3cda0bb260924f1a0262753a214fb0532460912a96f59c1858f2bef217625bae32f035080ae2
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTWB:ZRpAyazIliazTm
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer