c4acff88678f9a7507b0e317b1c4f6edc1460772e9ec1f02d0f36773666c1bc0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4acff88678f9a7507b0e317b1c4f6edc1460772e9ec1f02d0f36773666c1bc0
Size

72KB
Sample

221011-lrfzyaggel
MD5

014af3d9006e5971188b389857b36202
SHA1

80e7c34e43ded54588b854db139f7613a258b00e
SHA256

c4acff88678f9a7507b0e317b1c4f6edc1460772e9ec1f02d0f36773666c1bc0
SHA512

a1d6fcd15ddcc76d7680b17825e5a841cf325aeb7ca4fd147f31ea510588a91be4d94230d5742c26a1ec2d461a6a1326fddf7da94cc48a70f63d4295aa37b41e
SSDEEP

1536:2OUaYzMXqtGNttyNJYq/9UyRJ3UwjeDQEO0hbkGX5J2OZV8bHnv:25aY46tGNttyXxiyRJ3UwVb0hBAOj8D

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  c4acff88678f9a7507b0e317b1c4f6edc1460772e9ec1f02d0f36773666c1bc0
- Size
  
  72KB
- MD5
  
  014af3d9006e5971188b389857b36202
- SHA1
  
  80e7c34e43ded54588b854db139f7613a258b00e
- SHA256
  
  c4acff88678f9a7507b0e317b1c4f6edc1460772e9ec1f02d0f36773666c1bc0
- SHA512
  
  a1d6fcd15ddcc76d7680b17825e5a841cf325aeb7ca4fd147f31ea510588a91be4d94230d5742c26a1ec2d461a6a1326fddf7da94cc48a70f63d4295aa37b41e
- SSDEEP
  
  1536:2OUaYzMXqtGNttyNJYq/9UyRJ3UwjeDQEO0hbkGX5J2OZV8bHnv:25aY46tGNttyXxiyRJ3UwVb0hBAOj8D
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2