8316bdc055405c4c3399955ad8dd0d4e9027aed8f28ededb0975eb38d13e3589 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8316bdc055405c4c3399955ad8dd0d4e9027aed8f28ededb0975eb38d13e3589
Size

688KB
Sample

221012-rldkhsfaa3
MD5

7b77b1446b8cd6a32f08cfcbef8039d0
SHA1

d2e6c6e8fdfb65a9a9ff6995ec2702d9a2907e1d
SHA256

8316bdc055405c4c3399955ad8dd0d4e9027aed8f28ededb0975eb38d13e3589
SHA512

130735093c021769d54660728e401b3c297b8c54eac5a92d2d8677e1d0c64574cba715e42d190f79b53e4011bb0ccd1d359fec0c821508f76ddd0d257ef28d0a
SSDEEP

12288:7wSCzE7RFO/ZhPFNxjr7kfTbw1es9H1bhzQKY82TVFPw5pgCGT7vYi5pn2ylGh:7xCzbZhPFLrYs8a1VqTVBw5pW3Qij2qO

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  8316bdc055405c4c3399955ad8dd0d4e9027aed8f28ededb0975eb38d13e3589
- Size
  
  688KB
- MD5
  
  7b77b1446b8cd6a32f08cfcbef8039d0
- SHA1
  
  d2e6c6e8fdfb65a9a9ff6995ec2702d9a2907e1d
- SHA256
  
  8316bdc055405c4c3399955ad8dd0d4e9027aed8f28ededb0975eb38d13e3589
- SHA512
  
  130735093c021769d54660728e401b3c297b8c54eac5a92d2d8677e1d0c64574cba715e42d190f79b53e4011bb0ccd1d359fec0c821508f76ddd0d257ef28d0a
- SSDEEP
  
  12288:7wSCzE7RFO/ZhPFNxjr7kfTbw1es9H1bhzQKY82TVFPw5pgCGT7vYi5pn2ylGh:7xCzbZhPFLrYs8a1VqTVBw5pW3Qij2qO
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer