ff8179842a8ccb8d0ebe0df9f615e5ea4b362a3783af86273889aa5b537a17cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff8179842a8ccb8d0ebe0df9f615e5ea4b362a3783af86273889aa5b537a17cf
Size

1.7MB
Sample

221017-yft4mscgh4
MD5

faccf57581b6811979a729ff27903d25
SHA1

f847b51b7597c9f4e952b967a36a77731ff69ec5
SHA256

ff8179842a8ccb8d0ebe0df9f615e5ea4b362a3783af86273889aa5b537a17cf
SHA512

9f65ef7e50dad21d3504c7c20975f0b32e34c9415f97206dc54d92f2f1f0de13dfa680909a3b3c4d53d900fc80f633f35c22f635b3a5e5f7d5579d98568c6ca9
SSDEEP

49152:lRnhBukLWspUa0dWB7tfEg7n07TE1LliA87Q8J:3uD210dy7tfb7nmY1LliAaQ8

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  ff8179842a8ccb8d0ebe0df9f615e5ea4b362a3783af86273889aa5b537a17cf
- Size
  
  1.7MB
- MD5
  
  faccf57581b6811979a729ff27903d25
- SHA1
  
  f847b51b7597c9f4e952b967a36a77731ff69ec5
- SHA256
  
  ff8179842a8ccb8d0ebe0df9f615e5ea4b362a3783af86273889aa5b537a17cf
- SHA512
  
  9f65ef7e50dad21d3504c7c20975f0b32e34c9415f97206dc54d92f2f1f0de13dfa680909a3b3c4d53d900fc80f633f35c22f635b3a5e5f7d5579d98568c6ca9
- SSDEEP
  
  49152:lRnhBukLWspUa0dWB7tfEg7n07TE1LliA87Q8J:3uD210dy7tfb7nmY1LliAaQ8
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2