21f506a950191e4b5f50fdbe67d8a7089f6bd535f6a73d4ecad9d4a9a21eee9e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21f506a950191e4b5f50fdbe67d8a7089f6bd535f6a73d4ecad9d4a9a21eee9e
Size

162KB
Sample

221002-blr5xafag7
MD5

5c0f9ddb82a7f85ccd7e79144cde2588
SHA1

7545d327561033dcd96ae74231beaa97dd884476
SHA256

21f506a950191e4b5f50fdbe67d8a7089f6bd535f6a73d4ecad9d4a9a21eee9e
SHA512

099258aa9d4f7c60f91e85fb4b1c4b24a89b7ee23cfc05f2a9249017d5fd76a96edb8638b426846fc85357ccd7098b6d226e0ce6920e5b5120373613c7371f23
SSDEEP

3072:zjzhZWxivgmhbI/pqqsFUCN3R9MI+INjxeDlt+ZIDt+NRYML0bSqXk:zXC4vgmhbIxs3NBBlcDlYZIDzMLf9

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  21f506a950191e4b5f50fdbe67d8a7089f6bd535f6a73d4ecad9d4a9a21eee9e
- Size
  
  162KB
- MD5
  
  5c0f9ddb82a7f85ccd7e79144cde2588
- SHA1
  
  7545d327561033dcd96ae74231beaa97dd884476
- SHA256
  
  21f506a950191e4b5f50fdbe67d8a7089f6bd535f6a73d4ecad9d4a9a21eee9e
- SHA512
  
  099258aa9d4f7c60f91e85fb4b1c4b24a89b7ee23cfc05f2a9249017d5fd76a96edb8638b426846fc85357ccd7098b6d226e0ce6920e5b5120373613c7371f23
- SSDEEP
  
  3072:zjzhZWxivgmhbI/pqqsFUCN3R9MI+INjxeDlt+ZIDt+NRYML0bSqXk:zXC4vgmhbIxs3NBBlcDlYZIDzMLf9
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer