204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed | Triage

Sharing

General

Target

204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed
Size

3.9MB
Sample

210513-tjgvyaen6a
MD5

bca6b95784be22950d3c68f7c021418b
SHA1

a80dbf95d96ab9402e644eb1e271a9431bbc7b53
SHA256

204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed
SHA512

00db30ff69cb35c301b4a4d52778414e4e176ef183da1da587df63069706cfa0c62d72fa4e010c05241bc25e182c6e5183a40d7e61a2e15924d875068e533f08

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed
- Size
  
  3.9MB
- MD5
  
  bca6b95784be22950d3c68f7c021418b
- SHA1
  
  a80dbf95d96ab9402e644eb1e271a9431bbc7b53
- SHA256
  
  204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed
- SHA512
  
  00db30ff69cb35c301b4a4d52778414e4e176ef183da1da587df63069706cfa0c62d72fa4e010c05241bc25e182c6e5183a40d7e61a2e15924d875068e533f08
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2