df1beae73f7ef5bd4ca66b1f5c5c30000d19660b5d5e0c3fb2ebb7794f2f4105 | Triage

Sharing

General

Target

df1beae73f7ef5bd4ca66b1f5c5c30000d19660b5d5e0c3fb2ebb7794f2f4105
Size

53KB
Sample

211019-l1m5lsffb6
MD5

a1f1b1edc4275487ff601f95386c542d
SHA1

33df73715d4c379af8823dd681f709d96712e94a
SHA256

df1beae73f7ef5bd4ca66b1f5c5c30000d19660b5d5e0c3fb2ebb7794f2f4105
SHA512

3d08a6c0cf0eb730111b07b44bc7377dd13256bd6df05fa7cbd2d1e4672bbb1e1870ef03fc866fcc7d9460a495a9ade01a6a9b814cc80a1601c7996018c94b7b

Score

8^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  df1beae73f7ef5bd4ca66b1f5c5c30000d19660b5d5e0c3fb2ebb7794f2f4105
- Size
  
  53KB
- MD5
  
  a1f1b1edc4275487ff601f95386c542d
- SHA1
  
  33df73715d4c379af8823dd681f709d96712e94a
- SHA256
  
  df1beae73f7ef5bd4ca66b1f5c5c30000d19660b5d5e0c3fb2ebb7794f2f4105
- SHA512
  
  3d08a6c0cf0eb730111b07b44bc7377dd13256bd6df05fa7cbd2d1e4672bbb1e1870ef03fc866fcc7d9460a495a9ade01a6a9b814cc80a1601c7996018c94b7b
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer