a30418123b7f87e996ffceb2be3599cf2555aa688244b24f81d642ea170c9a5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a30418123b7f87e996ffceb2be3599cf2555aa688244b24f81d642ea170c9a5d
Size

1.9MB
Sample

221029-alwmnadgbn
MD5

ea1d761989f803d9641869401fe33c95
SHA1

e1b0cbfc48482864a84db85d751b2dd38b4273f2
SHA256

a30418123b7f87e996ffceb2be3599cf2555aa688244b24f81d642ea170c9a5d
SHA512

5e891987c80787a795dd2be5a256c29bf492d88ae4d884af146993fe0aed5e7f5a80ba6fcc0533c6feccd4e806106368edf6c68ff8ac2581657bf52da27a0ad4
SSDEEP

49152:9tCYeW+hGM7RInWAxjBozQUhsjTtJA1W3D+s:9tV+suRWjoQEsPtV

Score

8^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  a30418123b7f87e996ffceb2be3599cf2555aa688244b24f81d642ea170c9a5d
- Size
  
  1.9MB
- MD5
  
  ea1d761989f803d9641869401fe33c95
- SHA1
  
  e1b0cbfc48482864a84db85d751b2dd38b4273f2
- SHA256
  
  a30418123b7f87e996ffceb2be3599cf2555aa688244b24f81d642ea170c9a5d
- SHA512
  
  5e891987c80787a795dd2be5a256c29bf492d88ae4d884af146993fe0aed5e7f5a80ba6fcc0533c6feccd4e806106368edf6c68ff8ac2581657bf52da27a0ad4
- SSDEEP
  
  49152:9tCYeW+hGM7RInWAxjBozQUhsjTtJA1W3D+s:9tV+suRWjoQEsPtV
Score

8^/10

evasion spyware stealer
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywarestealer