e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.Herz.B.21271.15275
Size

855KB
Sample

201109-s4jyyfrlma
MD5

4141eca3c3f8fef9dd9386f5a97d1730
SHA1

0dcdf961da9fe9e4b3e1e70895a9e3bea43b8487
SHA256

e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f
SHA512

9653de22a4a22e53e5c76a62dbcdfd1e67c40e61d172b085afd1bdd4e14505e70726a4a452f78865a8e2f0e7cda2589de65cd580749488758b8e39ce733e923a

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.Herz.B.21271.15275
- Size
  
  855KB
- MD5
  
  4141eca3c3f8fef9dd9386f5a97d1730
- SHA1
  
  0dcdf961da9fe9e4b3e1e70895a9e3bea43b8487
- SHA256
  
  e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f
- SHA512
  
  9653de22a4a22e53e5c76a62dbcdfd1e67c40e61d172b085afd1bdd4e14505e70726a4a452f78865a8e2f0e7cda2589de65cd580749488758b8e39ce733e923a
Score

7^/10

discovery spyware stealer
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer