d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888 | Triage

Sharing

General

Target

79b7b9cc898ec6a19baa53da2018113b.exe
Size

47KB
Sample

200711-brt8l17exa
MD5

79b7b9cc898ec6a19baa53da2018113b
SHA1

5b9ccd21b0ba8dc8c8540a74a2dac3a1bade50aa
SHA256

d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888
SHA512

8aa5ea16f32a5a582a041168e6fc341039c95fe7cf55740ff8a17c4d06e574264193a3ac7d60cadae6949eb7ceca813bffdc002ca5bd4beac324feeb2a65355c

Score

8^/10

discovery spyware

Malware Config

Targets

- Target
  
  79b7b9cc898ec6a19baa53da2018113b.exe
- Size
  
  47KB
- MD5
  
  79b7b9cc898ec6a19baa53da2018113b
- SHA1
  
  5b9ccd21b0ba8dc8c8540a74a2dac3a1bade50aa
- SHA256
  
  d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888
- SHA512
  
  8aa5ea16f32a5a582a041168e6fc341039c95fe7cf55740ff8a17c4d06e574264193a3ac7d60cadae6949eb7ceca813bffdc002ca5bd4beac324feeb2a65355c
Score

8^/10

discovery spyware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspyware