8f787ad8df4ea3ee0c0940cf5170cccffa5c5783f065b89581de06c53a20b30c | Triage

Sharing

General

Target

eSlipgqm.exe
Size

913KB
Sample

200707-mrts3h5tfs
MD5

643d8efc8b76e065a277f18e31c22789
SHA1

402e6c201ce14042b7c70bbf733a95119d23cc87
SHA256

8f787ad8df4ea3ee0c0940cf5170cccffa5c5783f065b89581de06c53a20b30c
SHA512

3427a7fca23990c8ccbd3e638c5ffbd4b6ad7e811e22db9d9596b563d82c676a8743119428a971a2835a8d2e5e8746a358e6be89bc0642f11f5317b0734b2735

Score

7^/10

persistence spyware

Malware Config

Targets

- Target
  
  eSlipgqm.exe
- Size
  
  913KB
- MD5
  
  643d8efc8b76e065a277f18e31c22789
- SHA1
  
  402e6c201ce14042b7c70bbf733a95119d23cc87
- SHA256
  
  8f787ad8df4ea3ee0c0940cf5170cccffa5c5783f065b89581de06c53a20b30c
- SHA512
  
  3427a7fca23990c8ccbd3e638c5ffbd4b6ad7e811e22db9d9596b563d82c676a8743119428a971a2835a8d2e5e8746a358e6be89bc0642f11f5317b0734b2735
Score

7^/10

persistence spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespyware