207be23ccd62d0e3d9aefe12f5c2ab142a42a25b1e246e27e0ae9087c2fe96d3 | Triage

Sharing

General

Target

68e2ff114060c1bfc6d2398b860e70b0.exe
Size

1.3MB
Sample

210408-k3g6l3zcx2
MD5

68e2ff114060c1bfc6d2398b860e70b0
SHA1

8540e7baf664d115f9f7020ab61d73a80773d4cb
SHA256

207be23ccd62d0e3d9aefe12f5c2ab142a42a25b1e246e27e0ae9087c2fe96d3
SHA512

dcff2bc1df0595c1b1fbfa09a4633253d9b16ce02f9733c9982b797ff4fb7fb345219ca3780ad259ecce83ab89a5f87c861dce70dfa23ce06c9739a9861bc509

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  68e2ff114060c1bfc6d2398b860e70b0.exe
- Size
  
  1.3MB
- MD5
  
  68e2ff114060c1bfc6d2398b860e70b0
- SHA1
  
  8540e7baf664d115f9f7020ab61d73a80773d4cb
- SHA256
  
  207be23ccd62d0e3d9aefe12f5c2ab142a42a25b1e246e27e0ae9087c2fe96d3
- SHA512
  
  dcff2bc1df0595c1b1fbfa09a4633253d9b16ce02f9733c9982b797ff4fb7fb345219ca3780ad259ecce83ab89a5f87c861dce70dfa23ce06c9739a9861bc509
Score

8^/10

spyware stealer
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2