145793398014dea6cf0cdb29c644cc1156cccf80949bbd6a013237b9481a6451 | Triage

Sharing

General

Target

171625eb0cb811f1df8798436a942928.exe
Size

469KB
Sample

210722-nlge5a3be6
MD5

171625eb0cb811f1df8798436a942928
SHA1

cab439f717d4ffc160fe17a58f831391f4bb4aa6
SHA256

145793398014dea6cf0cdb29c644cc1156cccf80949bbd6a013237b9481a6451
SHA512

998123ef3d2d7f0e79582e37b051950f014d9e0ddf3e29301e8e669081313070acca49217ee55a5de9d7b5762625336355a935f0d78132520e44ed6de849c32b

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  171625eb0cb811f1df8798436a942928.exe
- Size
  
  469KB
- MD5
  
  171625eb0cb811f1df8798436a942928
- SHA1
  
  cab439f717d4ffc160fe17a58f831391f4bb4aa6
- SHA256
  
  145793398014dea6cf0cdb29c644cc1156cccf80949bbd6a013237b9481a6451
- SHA512
  
  998123ef3d2d7f0e79582e37b051950f014d9e0ddf3e29301e8e669081313070acca49217ee55a5de9d7b5762625336355a935f0d78132520e44ed6de849c32b
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer