31b1ffcddf3feac89150ce508a387ef5af1490cc238dfa6724e18efa0ab461cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31b1ffcddf3feac89150ce508a387ef5af1490cc238dfa6724e18efa0ab461cf
Size

888KB
Sample

221003-yhjqpadbbj
MD5

5a20aee5dab2c0d90385664242f7ad00
SHA1

24baa3d081e6803d8470489967cfa3675ab961ac
SHA256

31b1ffcddf3feac89150ce508a387ef5af1490cc238dfa6724e18efa0ab461cf
SHA512

9e5ae32939b4176faaed4bbec725d85b8fc7265a6602ec7e0324121021179ff3cfa3a935527227c4e1a82c7247c9f3fb77f3d0dd9cb8ea92c51c54b3b1ca5fd5
SSDEEP

12288:CmfaXiGQeN/7YkrWBfWhvRhQUPJVuiSAqOm5yOvei3Do:fayGQeN/7DSBfWhhAiSA5v

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  31b1ffcddf3feac89150ce508a387ef5af1490cc238dfa6724e18efa0ab461cf
- Size
  
  888KB
- MD5
  
  5a20aee5dab2c0d90385664242f7ad00
- SHA1
  
  24baa3d081e6803d8470489967cfa3675ab961ac
- SHA256
  
  31b1ffcddf3feac89150ce508a387ef5af1490cc238dfa6724e18efa0ab461cf
- SHA512
  
  9e5ae32939b4176faaed4bbec725d85b8fc7265a6602ec7e0324121021179ff3cfa3a935527227c4e1a82c7247c9f3fb77f3d0dd9cb8ea92c51c54b3b1ca5fd5
- SSDEEP
  
  12288:CmfaXiGQeN/7YkrWBfWhvRhQUPJVuiSAqOm5yOvei3Do:fayGQeN/7DSBfWhhAiSA5v
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2