525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f

Analysis

Target

525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe
Size

1.1MB
MD5

f61b6543fa50129b2a18c778c10c8f9c
SHA1

ff73721c5a733765db6a850b56c602a5fe39af70
SHA256

525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f
SHA512

d00bb238c3b64b88c1037074835777e0154ca0aabcb05965c07b67c965a07bfc8cc3ef63971ad5499c233ce6bd3d7fef650f39a6de775f68f29ad25439526984

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1040	525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe

C:\Users\Admin\AppData\Local\Temp\525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe
"C:\Users\Admin\AppData\Local\Temp\525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1040

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1040-54-0x0000000076911000-0x0000000076913000-memory.dmp

Filesize
8KB

Download