fba39a40bd5509086f6d49834fdf8463d6d4ffbf24b457f088227b61b3a50d07 | Triage

Sharing

General

Target

fba39a40bd5509086f6d49834fdf8463d6d4ffbf24b457f088227b61b3a50d07
Size

211KB
Sample

221020-pdkbzsdabn
MD5

fe53d500be86da4328cafcd6cc776e1f
SHA1

904a78026488292f9cf4cfda955f78d58f285a3a
SHA256

fba39a40bd5509086f6d49834fdf8463d6d4ffbf24b457f088227b61b3a50d07
SHA512

32b6660ac7a6ba30dc83c47a1533488b8309f00627dd50093e79a3fc8bfd8d5df82c7f2f6993dff482c45eeac4d7887699485a4b0cb215f2dbf65a3f51a98e24
SSDEEP

3072:EPUHpiKT2t2UHIu05W7SAFJJOUD9cckiKop97f3r8n9t9Ygntt:9rTfUHeeSKOS9ccFKk3Y9t9Yk

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  fba39a40bd5509086f6d49834fdf8463d6d4ffbf24b457f088227b61b3a50d07
- Size
  
  211KB
- MD5
  
  fe53d500be86da4328cafcd6cc776e1f
- SHA1
  
  904a78026488292f9cf4cfda955f78d58f285a3a
- SHA256
  
  fba39a40bd5509086f6d49834fdf8463d6d4ffbf24b457f088227b61b3a50d07
- SHA512
  
  32b6660ac7a6ba30dc83c47a1533488b8309f00627dd50093e79a3fc8bfd8d5df82c7f2f6993dff482c45eeac4d7887699485a4b0cb215f2dbf65a3f51a98e24
- SSDEEP
  
  3072:EPUHpiKT2t2UHIu05W7SAFJJOUD9cckiKop97f3r8n9t9Ygntt:9rTfUHeeSKOS9ccFKk3Y9t9Yk
Score

8^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer