afa4473efd11e002d40d802b442038862bec075b3e102bcffaa5bbeebaabaf96

Analysis

Target

afa4473efd11e002d40d802b442038862bec075b3e102bcffaa5bbeebaabaf96.exe
Size

493KB
MD5

db2e50ca6bd801a5083e32da32644f02
SHA1

812e0d4eaee86b4ae3a0af4f22c53bcc03f0f967
SHA256

afa4473efd11e002d40d802b442038862bec075b3e102bcffaa5bbeebaabaf96
SHA512

ae4d7ada5f9769963409645cd9c3bb49c9a60088bc18ba43f51121590ed2f6cf8e69441d95415013d58689f4257dde47259e28d41cfe22d9db932d7d5e4c653e

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1296	afa4473efd11e002d40d802b442038862bec075b3e102bcffaa5bbeebaabaf96.exe

C:\Users\Admin\AppData\Local\Temp\afa4473efd11e002d40d802b442038862bec075b3e102bcffaa5bbeebaabaf96.exe
"C:\Users\Admin\AppData\Local\Temp\afa4473efd11e002d40d802b442038862bec075b3e102bcffaa5bbeebaabaf96.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1296

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact