8781094b53864d227fa1023e05d5b1249b9ee7424389bf9228dce175a8d210f8 | Triage

Sharing

General

Target

2024-04-28_27952827f6c6916b3fde803a189d7d39_bkransomware
Size

71KB
Sample

240428-ly893ada78
MD5

27952827f6c6916b3fde803a189d7d39
SHA1

ba0acacf2c2e4d84c528ed61eaf8f87305d44bfa
SHA256

8781094b53864d227fa1023e05d5b1249b9ee7424389bf9228dce175a8d210f8
SHA512

da69379a177eee6ee920c22ea98685de37d71c51f371c1b565829169dd8abb03387192d7adbeae561362f70cfb5a91cd24da2c87d9063364efa6c5d3472218dc
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTQ:ZhpAyazIlyazTQ

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_27952827f6c6916b3fde803a189d7d39_bkransomware
- Size
  
  71KB
- MD5
  
  27952827f6c6916b3fde803a189d7d39
- SHA1
  
  ba0acacf2c2e4d84c528ed61eaf8f87305d44bfa
- SHA256
  
  8781094b53864d227fa1023e05d5b1249b9ee7424389bf9228dce175a8d210f8
- SHA512
  
  da69379a177eee6ee920c22ea98685de37d71c51f371c1b565829169dd8abb03387192d7adbeae561362f70cfb5a91cd24da2c87d9063364efa6c5d3472218dc
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTQ:ZhpAyazIlyazTQ
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer