28fbc35964c5a137d5e4bb2c770fbc6674d26fe478e18a0759e0647a44cb0d54 | Triage

Sharing

General

Target

clean(1).exe
Size

1.5MB
Sample

210412-n8daa42e4x
MD5

840e844757113c05dc8618397202f357
SHA1

da645fea1df7fd2cb07f9e8bd388bdc6e04c4750
SHA256

28fbc35964c5a137d5e4bb2c770fbc6674d26fe478e18a0759e0647a44cb0d54
SHA512

4f8a30151fa0706df66c8d66cfa3c12f82a4dc08478fdc936c59552a962273c46f26ed823f5cd6c73ba078b95ed94e1dab762c932d97f73d6dca8669b9949018

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  clean(1).exe
- Size
  
  1.5MB
- MD5
  
  840e844757113c05dc8618397202f357
- SHA1
  
  da645fea1df7fd2cb07f9e8bd388bdc6e04c4750
- SHA256
  
  28fbc35964c5a137d5e4bb2c770fbc6674d26fe478e18a0759e0647a44cb0d54
- SHA512
  
  4f8a30151fa0706df66c8d66cfa3c12f82a4dc08478fdc936c59552a962273c46f26ed823f5cd6c73ba078b95ed94e1dab762c932d97f73d6dca8669b9949018
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer