5ecb7babf3122c38800ce8e7906fc7add1fdfd1e54c04b82d8f66a98050d6d87 | Triage

Sharing

General

Target

5ecb7babf3122c38800ce8e7906fc7add1fdfd1e54c04b82d8f66a98050d6d87
Size

728KB
Sample

221029-ay6cmaecgj
MD5

e109115c3cdc5e6aecc2cb668834cf46
SHA1

b6d47de5a8a58df865602831d71eaffd7beff43f
SHA256

5ecb7babf3122c38800ce8e7906fc7add1fdfd1e54c04b82d8f66a98050d6d87
SHA512

cc86bb62d989ed4924a8a0b05697c18e685ece466ffb6c638ed8e264807b0131db48c9ee9abc0c040735cb4b89f15aec8df9acd2eb6bddde042bfc450a5de979
SSDEEP

12288:1minDm/UULA+4taERTjgeMJXphepS/DWhITPfvAyMLg7KOV9gT8T:1minDm8ULA5EERTjH2pheg/ihIrfvA/o

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  5ecb7babf3122c38800ce8e7906fc7add1fdfd1e54c04b82d8f66a98050d6d87
- Size
  
  728KB
- MD5
  
  e109115c3cdc5e6aecc2cb668834cf46
- SHA1
  
  b6d47de5a8a58df865602831d71eaffd7beff43f
- SHA256
  
  5ecb7babf3122c38800ce8e7906fc7add1fdfd1e54c04b82d8f66a98050d6d87
- SHA512
  
  cc86bb62d989ed4924a8a0b05697c18e685ece466ffb6c638ed8e264807b0131db48c9ee9abc0c040735cb4b89f15aec8df9acd2eb6bddde042bfc450a5de979
- SSDEEP
  
  12288:1minDm/UULA+4taERTjgeMJXphepS/DWhITPfvAyMLg7KOV9gT8T:1minDm8ULA5EERTjH2pheg/ihIrfvA/o
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2