8dfacbe806ffc52a89148a1342ff2ecb782e42a9908a7a2fa93d19f67657402c | Triage

Sharing

General

Target

8dfacbe806ffc52a89148a1342ff2ecb782e42a9908a7a2fa93d19f67657402c
Size

130KB
Sample

240428-rl6w3ahh5w
MD5

d4efb450202116520633242e48bf45ec
SHA1

0408e04af4642c2423019bff7f588b8e31dc72f9
SHA256

8dfacbe806ffc52a89148a1342ff2ecb782e42a9908a7a2fa93d19f67657402c
SHA512

8acf93cd4e7a0d872c2e49239cc7cc646210a4a569d54c43d218aad932db6989cafc5588f6734b398e4b8dd4add63986f40582ce348d4b04c467ef277d290a1e
SSDEEP

1536:/qbSe+Zk78NR3dN5nPWR8Bftg+9t/p4QAILJuCOPdvX/ZWOtnGWxlP:/3e+a+3dN5nvgmJAIlwPxX/ZWOFrb

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  8dfacbe806ffc52a89148a1342ff2ecb782e42a9908a7a2fa93d19f67657402c
- Size
  
  130KB
- MD5
  
  d4efb450202116520633242e48bf45ec
- SHA1
  
  0408e04af4642c2423019bff7f588b8e31dc72f9
- SHA256
  
  8dfacbe806ffc52a89148a1342ff2ecb782e42a9908a7a2fa93d19f67657402c
- SHA512
  
  8acf93cd4e7a0d872c2e49239cc7cc646210a4a569d54c43d218aad932db6989cafc5588f6734b398e4b8dd4add63986f40582ce348d4b04c467ef277d290a1e
- SSDEEP
  
  1536:/qbSe+Zk78NR3dN5nPWR8Bftg+9t/p4QAILJuCOPdvX/ZWOtnGWxlP:/3e+a+3dN5nvgmJAIlwPxX/ZWOFrb
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2