4cd0348c4c23253f592ec6c6eb763cf531ab6f7f647089842d3d3b467492b978 | Triage

Sharing

General

Target

4cd0348c4c23253f592ec6c6eb763cf531ab6f7f647089842d3d3b467492b978
Size

149KB
Sample

220919-ry4x8sghhj
MD5

2a812e6a820cf6e5d0c1d9fc91960f20
SHA1

7c6dbd6c940ea237354b59ee958e18363c2e7374
SHA256

4cd0348c4c23253f592ec6c6eb763cf531ab6f7f647089842d3d3b467492b978
SHA512

28b7a1ef166dd55c5ba9da66e07791d739bf1f6dd2cb5a27e5920e0a5857a0e315e48ea512ae8c8de6a8fc172b2395f69e1ff9c56e399b11f9efdfa383e92ecf
SSDEEP

3072:1JMGaWXa0+9na0FF53uywafvR6rEy4u1HWWsxayVB9:v7bXZ+9a0FFcPa3R6riu1HWWsoIB9

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  4cd0348c4c23253f592ec6c6eb763cf531ab6f7f647089842d3d3b467492b978
- Size
  
  149KB
- MD5
  
  2a812e6a820cf6e5d0c1d9fc91960f20
- SHA1
  
  7c6dbd6c940ea237354b59ee958e18363c2e7374
- SHA256
  
  4cd0348c4c23253f592ec6c6eb763cf531ab6f7f647089842d3d3b467492b978
- SHA512
  
  28b7a1ef166dd55c5ba9da66e07791d739bf1f6dd2cb5a27e5920e0a5857a0e315e48ea512ae8c8de6a8fc172b2395f69e1ff9c56e399b11f9efdfa383e92ecf
- SSDEEP
  
  3072:1JMGaWXa0+9na0FF53uywafvR6rEy4u1HWWsxayVB9:v7bXZ+9a0FFcPa3R6riu1HWWsoIB9
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealer