a4f4753bf9e076f24a442b5b2405b0f98d40b345d4546fec5376cb096340cb28 | Triage

Sharing

General

Target

a4f4753bf9e076f24a442b5b2405b0f98d40b345d4546fec5376cb096340cb28
Size

59KB
Sample

211019-zzlgaagdc9
MD5

ea2d29e9f69eef9945cff9eeab1fd246
SHA1

ca142f8de3b5ea18d9538a7c5968fcd1542e7f46
SHA256

a4f4753bf9e076f24a442b5b2405b0f98d40b345d4546fec5376cb096340cb28
SHA512

5a4a084b23b290b43b535833083c1e262843802908112cd1731e06e0d9490d8ebadbe376a9d7129575a4d58245c1f40084f32f4d7d33dc93b971e790f8bd9571

Score

8^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  a4f4753bf9e076f24a442b5b2405b0f98d40b345d4546fec5376cb096340cb28
- Size
  
  59KB
- MD5
  
  ea2d29e9f69eef9945cff9eeab1fd246
- SHA1
  
  ca142f8de3b5ea18d9538a7c5968fcd1542e7f46
- SHA256
  
  a4f4753bf9e076f24a442b5b2405b0f98d40b345d4546fec5376cb096340cb28
- SHA512
  
  5a4a084b23b290b43b535833083c1e262843802908112cd1731e06e0d9490d8ebadbe376a9d7129575a4d58245c1f40084f32f4d7d33dc93b971e790f8bd9571
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer