7e6d9e69225ab0234873be6bc5e3b58e1273dd05fff7b6f69e77f8f158f7c15b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan-Ransom.MSIL.Encoder.gen-7e6d9e69225ab0234873be6bc5e3b58e1273dd05fff7b6f69e77f8f158f7c15b.exe
Size

8KB
Sample

220929-pthhbsagg2
MD5

d12bbc86ed74bf6bb5d2f8ccb1cb6d3d
SHA1

f13cf7d452a953d95d3af5ae054a781cb9cb817c
SHA256

7e6d9e69225ab0234873be6bc5e3b58e1273dd05fff7b6f69e77f8f158f7c15b
SHA512

7fc87d595228f6e60df774d8c2e1a1eac25f3f0a27027784b4bf362dae10610ffeda0ca3b1931eb485f476b8372e558f7a837f255323c7c3e9a20a28984d82c0
SSDEEP

192:yd7+OMFFr5Jyi/8XRyLkSD8g8Xd2oXQbv0DiPD9OY:q73MjruiURyLkk8lN2oAj0+PZOY

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  HEUR-Trojan-Ransom.MSIL.Encoder.gen-7e6d9e69225ab0234873be6bc5e3b58e1273dd05fff7b6f69e77f8f158f7c15b.exe
- Size
  
  8KB
- MD5
  
  d12bbc86ed74bf6bb5d2f8ccb1cb6d3d
- SHA1
  
  f13cf7d452a953d95d3af5ae054a781cb9cb817c
- SHA256
  
  7e6d9e69225ab0234873be6bc5e3b58e1273dd05fff7b6f69e77f8f158f7c15b
- SHA512
  
  7fc87d595228f6e60df774d8c2e1a1eac25f3f0a27027784b4bf362dae10610ffeda0ca3b1931eb485f476b8372e558f7a837f255323c7c3e9a20a28984d82c0
- SSDEEP
  
  192:yd7+OMFFr5Jyi/8XRyLkSD8g8Xd2oXQbv0DiPD9OY:q73MjruiURyLkk8lN2oAj0+PZOY
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2