cdc85a742571da10ea9510b87a1ab7c910293604f93e4947a8c3a84d0f238c6c | Triage

Sharing

General

Target

71268e62-cf82-4d0e-8a4d-5b10168af1cf.exe
Size

16.7MB
Sample

220521-h2j8kaaga7
MD5

d569d09b5796a97e2d431214ddbb1d81
SHA1

4458bf9a533f912088083d89a20193ed64630b4c
SHA256

cdc85a742571da10ea9510b87a1ab7c910293604f93e4947a8c3a84d0f238c6c
SHA512

cb9d7517e8ab535aab5aa15034d8422c40bf518cbc83b526d615add550dadf35d86f5527e250fe62302e62f80af5c8902370aef4fb56452f79150ff2c8e32903

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  71268e62-cf82-4d0e-8a4d-5b10168af1cf.exe
- Size
  
  16.7MB
- MD5
  
  d569d09b5796a97e2d431214ddbb1d81
- SHA1
  
  4458bf9a533f912088083d89a20193ed64630b4c
- SHA256
  
  cdc85a742571da10ea9510b87a1ab7c910293604f93e4947a8c3a84d0f238c6c
- SHA512
  
  cb9d7517e8ab535aab5aa15034d8422c40bf518cbc83b526d615add550dadf35d86f5527e250fe62302e62f80af5c8902370aef4fb56452f79150ff2c8e32903
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2