fab8a31dbd77da2d6f0e1be73b008ee07bcd7f20a2b9ff3de8fc8642088ed7ee

Analysis

Target

fab8a31dbd77da2d6f0e1be73b008ee07bcd7f20a2b9ff3de8fc8642088ed7ee.exe
Size

493KB
MD5

cd135eebb454cada149a3892e6a346ec
SHA1

830766cf41d9032ecf4a3c735d1b7f24855e2a4a
SHA256

fab8a31dbd77da2d6f0e1be73b008ee07bcd7f20a2b9ff3de8fc8642088ed7ee
SHA512

7133c14ed3895c45c73e526586d75b4e586e500557b5e3f172c23bb86634521eb5aa9615cd0e6e02f850698034ebbf847ac9114930134e129753adb59713940d

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1256	fab8a31dbd77da2d6f0e1be73b008ee07bcd7f20a2b9ff3de8fc8642088ed7ee.exe

C:\Users\Admin\AppData\Local\Temp\fab8a31dbd77da2d6f0e1be73b008ee07bcd7f20a2b9ff3de8fc8642088ed7ee.exe
"C:\Users\Admin\AppData\Local\Temp\fab8a31dbd77da2d6f0e1be73b008ee07bcd7f20a2b9ff3de8fc8642088ed7ee.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1256

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact