e1614a878888eddb3296e856dc5f4e63a926b9e4c899cf09da12a8f477ace4cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cmd.exe
Size

314KB
Sample

200714-ltqzrg4lts
MD5

18a13f7702d5ea5c943dab686f3d953f
SHA1

73d264dd0b8ae88cf79ab154a4e3b7bf50ae0c69
SHA256

e1614a878888eddb3296e856dc5f4e63a926b9e4c899cf09da12a8f477ace4cf
SHA512

9044ce9d4ac8e6fcfea072fc78886f561a0ddf6b2f7e8a26bbfb26b4dbba3a5be506a518eb2cca47230378c8603ad7cd510c1a975940701a5052327f46d99af6

Score

10^/10

persistence spyware

Malware Config

Targets

- Target
  
  cmd.exe
- Size
  
  314KB
- MD5
  
  18a13f7702d5ea5c943dab686f3d953f
- SHA1
  
  73d264dd0b8ae88cf79ab154a4e3b7bf50ae0c69
- SHA256
  
  e1614a878888eddb3296e856dc5f4e63a926b9e4c899cf09da12a8f477ace4cf
- SHA512
  
  9044ce9d4ac8e6fcfea072fc78886f561a0ddf6b2f7e8a26bbfb26b4dbba3a5be506a518eb2cca47230378c8603ad7cd510c1a975940701a5052327f46d99af6
Score

10^/10

persistence spyware
- Modifies system executable filetype association
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

persistencespyware