817e54e6a2d2c447eb5bdd05630c8b26c8f156319098d8bfe5616cdaf6d0ed37 | Triage

Sharing

General

Target

817e54e6a2d2c447eb5bdd05630c8b26c8f156319098d8bfe5616cdaf6d0ed37
Size

328KB
Sample

221019-2cjqaabbb2
MD5

907a846a3c46bf75a5801848df70ddb3
SHA1

bf874577787e80a54d625cc1ba6a20b005f4efdd
SHA256

817e54e6a2d2c447eb5bdd05630c8b26c8f156319098d8bfe5616cdaf6d0ed37
SHA512

c2a86aa0663379db3851a6d5136ef388ba4b2a66fbadf7c4fc19fb8e680d503a811eba9613c154ab02fc08b012113de8be4472552e6fce0f75b5697806c5d9e9
SSDEEP

6144:VTJ1xj95lepxtYnagtpG4Q8GCBmDvNgSHdtoZs9r0Kt:VTJ1xHlqOna/YGymDvNfdtoWN00

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  817e54e6a2d2c447eb5bdd05630c8b26c8f156319098d8bfe5616cdaf6d0ed37
- Size
  
  328KB
- MD5
  
  907a846a3c46bf75a5801848df70ddb3
- SHA1
  
  bf874577787e80a54d625cc1ba6a20b005f4efdd
- SHA256
  
  817e54e6a2d2c447eb5bdd05630c8b26c8f156319098d8bfe5616cdaf6d0ed37
- SHA512
  
  c2a86aa0663379db3851a6d5136ef388ba4b2a66fbadf7c4fc19fb8e680d503a811eba9613c154ab02fc08b012113de8be4472552e6fce0f75b5697806c5d9e9
- SSDEEP
  
  6144:VTJ1xj95lepxtYnagtpG4Q8GCBmDvNgSHdtoZs9r0Kt:VTJ1xHlqOna/YGymDvNfdtoWN00
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2