ac8fa5bbc7c699494461478225e87f35f3dfdad62fcc998e08a1f506e1e94631 | Triage

Submit
Reports

Overview

overview

Static

static

kl.edata.exe

windows7_x64

5

kl.edata.exe

windows10_x64

Sharing

General

Target

kl.edata
Size

1.1MB
Sample

210419-cjcp4hpfxa
MD5

36fffcd5ceae94df443a16d622dfd786
SHA1

8989ed41babcd0711fade3efc9116395ca2a1571
SHA256

ac8fa5bbc7c699494461478225e87f35f3dfdad62fcc998e08a1f506e1e94631
SHA512

c6825cc9dbbcedf9d0b013d84d214783f5bc7e5984d8dd5266b22e5a2372eefa93fcf300c4c89ded002678d696c34a6f2e95034cb0cfdd316dacef3663accba8

Score

10^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

kl.edata.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

kl.edata.exe

Resource

win10v20210408

discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  kl.edata
- Size
  
  1.1MB
- MD5
  
  36fffcd5ceae94df443a16d622dfd786
- SHA1
  
  8989ed41babcd0711fade3efc9116395ca2a1571
- SHA256
  
  ac8fa5bbc7c699494461478225e87f35f3dfdad62fcc998e08a1f506e1e94631
- SHA512
  
  c6825cc9dbbcedf9d0b013d84d214783f5bc7e5984d8dd5266b22e5a2372eefa93fcf300c4c89ded002678d696c34a6f2e95034cb0cfdd316dacef3663accba8
Score

10^/10

discovery persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy