4861efcced10e1b511aec9dd444eea4d02e4f762ba23766d2958810f0b418789 | Triage

Sharing

General

Target

2024-04-28_6d63c060e95b627e85004b27e3251301_bkransomware
Size

71KB
Sample

240428-rzrpasac4t
MD5

6d63c060e95b627e85004b27e3251301
SHA1

1881186be5d4a776b17eb9e6a8db4272d2b3417f
SHA256

4861efcced10e1b511aec9dd444eea4d02e4f762ba23766d2958810f0b418789
SHA512

afd305db38004e2fe390cc31a9a2d2c9ed7a3f73b45392d538a565c42c753a64e2494a59dbc481fb978845829605ee8009c3704883749a798cd091b46488644d
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT2iU:ZhpAyazIlyazT2iU

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_6d63c060e95b627e85004b27e3251301_bkransomware
- Size
  
  71KB
- MD5
  
  6d63c060e95b627e85004b27e3251301
- SHA1
  
  1881186be5d4a776b17eb9e6a8db4272d2b3417f
- SHA256
  
  4861efcced10e1b511aec9dd444eea4d02e4f762ba23766d2958810f0b418789
- SHA512
  
  afd305db38004e2fe390cc31a9a2d2c9ed7a3f73b45392d538a565c42c753a64e2494a59dbc481fb978845829605ee8009c3704883749a798cd091b46488644d
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT2iU:ZhpAyazIlyazT2iU
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer