5a38d404102e8441d24e705780889b48fd242b88867cf2debead987cf3611026 | Triage

Sharing

General

Target

2024-04-28_b56ae20acf9f0f501640d831f651c0b4_bkransomware
Size

174KB
Sample

240428-t6nbkacc3t
MD5

b56ae20acf9f0f501640d831f651c0b4
SHA1

5f51204a0d60d54e476df951f974ad33855a409e
SHA256

5a38d404102e8441d24e705780889b48fd242b88867cf2debead987cf3611026
SHA512

f79a122cc9c5eb3dd581a277aed2975b499a64cc99d6a7ee07bd5bcc4aaf30ff0baac41e64f7ce66ce555337d04411d4303368996e7a659c87ee8ae5543df62d
SSDEEP

3072:ZhpAyazIlyazTbkHdnBUGli30f7B2AO8MP0zEPTs2mJY12Bor:hZMaz+BUuFfgctEo2v1yw

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_b56ae20acf9f0f501640d831f651c0b4_bkransomware
- Size
  
  174KB
- MD5
  
  b56ae20acf9f0f501640d831f651c0b4
- SHA1
  
  5f51204a0d60d54e476df951f974ad33855a409e
- SHA256
  
  5a38d404102e8441d24e705780889b48fd242b88867cf2debead987cf3611026
- SHA512
  
  f79a122cc9c5eb3dd581a277aed2975b499a64cc99d6a7ee07bd5bcc4aaf30ff0baac41e64f7ce66ce555337d04411d4303368996e7a659c87ee8ae5543df62d
- SSDEEP
  
  3072:ZhpAyazIlyazTbkHdnBUGli30f7B2AO8MP0zEPTs2mJY12Bor:hZMaz+BUuFfgctEo2v1yw
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer