f9e41175a20e928147fcc512e4413e06fabc311e6a4a4b41dc05b8e3c1fc2e40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9e41175a20e928147fcc512e4413e06fabc311e6a4a4b41dc05b8e3c1fc2e40
Size

522KB
Sample

221011-g1agashgc4
MD5

7b71926a6fcff8b49f7131bcd199dcc0
SHA1

1aa9c38cf15562dde016b6eba9054c5fbd4d4065
SHA256

f9e41175a20e928147fcc512e4413e06fabc311e6a4a4b41dc05b8e3c1fc2e40
SHA512

53a6f684264f6582bf70468d59c88276b8691ce287ea9788ff2cd83f51dad11b04784e3a3635b534b65bf6151c3e5dbb02e3cd74b93a510ded58d20cb61cf371
SSDEEP

12288:AzrlzyLIvNFJP9jRkRXFN7+d84uaji+ici:AzoLUPRRkLN+d8JZ

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  f9e41175a20e928147fcc512e4413e06fabc311e6a4a4b41dc05b8e3c1fc2e40
- Size
  
  522KB
- MD5
  
  7b71926a6fcff8b49f7131bcd199dcc0
- SHA1
  
  1aa9c38cf15562dde016b6eba9054c5fbd4d4065
- SHA256
  
  f9e41175a20e928147fcc512e4413e06fabc311e6a4a4b41dc05b8e3c1fc2e40
- SHA512
  
  53a6f684264f6582bf70468d59c88276b8691ce287ea9788ff2cd83f51dad11b04784e3a3635b534b65bf6151c3e5dbb02e3cd74b93a510ded58d20cb61cf371
- SSDEEP
  
  12288:AzrlzyLIvNFJP9jRkRXFN7+d84uaji+ici:AzoLUPRRkLN+d8JZ
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2