9a24cdfb872ae62cb475ac3870bbc0bcd73c995fedc9bfa8fdb960d4f10d6ab4 | Triage

Sharing

General

Target

9a24cdfb872ae62cb475ac3870bbc0bcd73c995fedc9bfa8fdb960d4f10d6ab4
Size

410KB
Sample

220521-n1y8zsedg2
MD5

2d12f72283738c1ab3be3bc3c962358d
SHA1

0d04b971117064f3d03f6018bc078d3f8108e406
SHA256

9a24cdfb872ae62cb475ac3870bbc0bcd73c995fedc9bfa8fdb960d4f10d6ab4
SHA512

32135aa83e50dfb3ce585ed7ebd252e132d8d66298147d6eda82e00853c0683a9a420e6dbde7eae49066cf7e9b39186545ad0319259727f0554d921a46eb5c95

Score

7^/10

collection persistence spyware stealer

Malware Config

Targets

- Target
  
  scan0007.exe
- Size
  
  775KB
- MD5
  
  3176b2ec16893db023f902131a692a54
- SHA1
  
  6f8b228c5af016a1bf56cf13868a69c18132ba68
- SHA256
  
  7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
- SHA512
  
  e15679d4a759cf95c03ace527d0519e6ba71801e4e0bcf20d6da3c26596c9a9e32aedc6e6ba6b985822db86e2637e191ed1f61593d899f1b8b8fff1babe17a87
Score

7^/10

collection persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionpersistencespywarestealer

behavioral2

collectionpersistencespywarestealer