c36fd2d12b32f5b2800c0380d04222264b29973fb47c893ca9c76b96e7fd6993 | Triage

Sharing

General

Target

c36fd2d12b32f5b2800c0380d04222264b29973fb47c893ca9c76b96e7fd6993
Size

484KB
Sample

221002-pjjyeaega4
MD5

47ee892b22f0da467777bced03fdbcc8
SHA1

5535908a6bd44696563f18c3b3d16df68350af40
SHA256

c36fd2d12b32f5b2800c0380d04222264b29973fb47c893ca9c76b96e7fd6993
SHA512

fe0a88686a214845e6b0942931374573973dd2fa2feadab032c749ee5d7a50728830b759f693350d6f3e78cebf9fc0ada228e6fe1d90f1b2cfa45227da32cb87
SSDEEP

12288:A7s5alUDm70Pj4hj1waITqSFFFFXch0r52s0ds0/rCH:qsCUtj4hj1RufFFFFXcu4dlrCH

Score

8^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  c36fd2d12b32f5b2800c0380d04222264b29973fb47c893ca9c76b96e7fd6993
- Size
  
  484KB
- MD5
  
  47ee892b22f0da467777bced03fdbcc8
- SHA1
  
  5535908a6bd44696563f18c3b3d16df68350af40
- SHA256
  
  c36fd2d12b32f5b2800c0380d04222264b29973fb47c893ca9c76b96e7fd6993
- SHA512
  
  fe0a88686a214845e6b0942931374573973dd2fa2feadab032c749ee5d7a50728830b759f693350d6f3e78cebf9fc0ada228e6fe1d90f1b2cfa45227da32cb87
- SSDEEP
  
  12288:A7s5alUDm70Pj4hj1waITqSFFFFXch0r52s0ds0/rCH:qsCUtj4hj1RufFFFFXcu4dlrCH
Score

8^/10

spyware stealer discovery persistence
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistencespywarestealer