af5e6a26b1901567ca47f29af97bfe8480ff5db8cc20c360daed0519d039991d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af5e6a26b1901567ca47f29af97bfe8480ff5db8cc20c360daed0519d039991d.exe
Size

262KB
Sample

221017-k82sasbeel
MD5

1a24b27b91449fd3c4deb2e460df67b1
SHA1

27858b8ae769507cd6b7113f14257c89a81c7ee8
SHA256

af5e6a26b1901567ca47f29af97bfe8480ff5db8cc20c360daed0519d039991d
SHA512

3ca61120529b4355353bdcbadb2d41ed673c65b4b11b9d2a12ca6ca5e463a020a341ed4f31e19b1e523283368ded50d1ea61de784f781680bf3a1b69a5db21db
SSDEEP

6144:xZMazDQBNBYgR0uWDetZ5Ly0q8be5gORGLAfQPH7ls9:xS08jOQKCLZ2KAoe

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  af5e6a26b1901567ca47f29af97bfe8480ff5db8cc20c360daed0519d039991d.exe
- Size
  
  262KB
- MD5
  
  1a24b27b91449fd3c4deb2e460df67b1
- SHA1
  
  27858b8ae769507cd6b7113f14257c89a81c7ee8
- SHA256
  
  af5e6a26b1901567ca47f29af97bfe8480ff5db8cc20c360daed0519d039991d
- SHA512
  
  3ca61120529b4355353bdcbadb2d41ed673c65b4b11b9d2a12ca6ca5e463a020a341ed4f31e19b1e523283368ded50d1ea61de784f781680bf3a1b69a5db21db
- SSDEEP
  
  6144:xZMazDQBNBYgR0uWDetZ5Ly0q8be5gORGLAfQPH7ls9:xS08jOQKCLZ2KAoe
Score

8^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer