19e161f5ae3b077ea7b2a0c7e92edb240286246f82d5d0902a1d7befb561918f | Triage

Sharing

General

Target

2024-04-28_b873d770bf1a56a74c5dc3c1da875c79_bkransomware
Size

135KB
Sample

240428-t6w9gaca29
MD5

b873d770bf1a56a74c5dc3c1da875c79
SHA1

50ffe7e2b9064bf3c91d28dfdd41ad3b2735abf4
SHA256

19e161f5ae3b077ea7b2a0c7e92edb240286246f82d5d0902a1d7befb561918f
SHA512

0f62f7bca17f23eb44ca0eef34fe640855b47a2bb061f1dec0e70ba24564185832b04a620b1b4829fade6f58c3dd275dc47d942a3dffccd1fe48cd67c0692720
SSDEEP

3072:ZRpAyazIliazTWQ8hmAnHPiETJ0pxf0XV52mtC:xZ8azqfznHPDVoslwwC

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_b873d770bf1a56a74c5dc3c1da875c79_bkransomware
- Size
  
  135KB
- MD5
  
  b873d770bf1a56a74c5dc3c1da875c79
- SHA1
  
  50ffe7e2b9064bf3c91d28dfdd41ad3b2735abf4
- SHA256
  
  19e161f5ae3b077ea7b2a0c7e92edb240286246f82d5d0902a1d7befb561918f
- SHA512
  
  0f62f7bca17f23eb44ca0eef34fe640855b47a2bb061f1dec0e70ba24564185832b04a620b1b4829fade6f58c3dd275dc47d942a3dffccd1fe48cd67c0692720
- SSDEEP
  
  3072:ZRpAyazIliazTWQ8hmAnHPiETJ0pxf0XV52mtC:xZ8azqfznHPDVoslwwC
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer