e92e06818e3246205fb46c9e9c8a008c57885eec1a0786af712ab86ebf16be4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e92e06818e3246205fb46c9e9c8a008c57885eec1a0786af712ab86ebf16be4e
Size

386KB
Sample

221029-t81dxaega5
MD5

522ffcd4c2ad7fbc859fc7721d4238f4
SHA1

ee5ab18f97587f67d38504fd698bf1a27b71dbf7
SHA256

e92e06818e3246205fb46c9e9c8a008c57885eec1a0786af712ab86ebf16be4e
SHA512

025bc8d0c2cb037fe7dadb5641ce10cfaa82083243074a18619c6dc5ba67eb19f4269f9e1d8841c1f7456226ba335ad6ee8fcbf34a4dad9e2ba80578866244a5
SSDEEP

12288:zXCNi9BMd9VUPyb3Pzcq2YLBZ9TcJIcVyo9bnhg:2W+9VZLP1rLBZ9TGIiy2bhg

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  e92e06818e3246205fb46c9e9c8a008c57885eec1a0786af712ab86ebf16be4e
- Size
  
  386KB
- MD5
  
  522ffcd4c2ad7fbc859fc7721d4238f4
- SHA1
  
  ee5ab18f97587f67d38504fd698bf1a27b71dbf7
- SHA256
  
  e92e06818e3246205fb46c9e9c8a008c57885eec1a0786af712ab86ebf16be4e
- SHA512
  
  025bc8d0c2cb037fe7dadb5641ce10cfaa82083243074a18619c6dc5ba67eb19f4269f9e1d8841c1f7456226ba335ad6ee8fcbf34a4dad9e2ba80578866244a5
- SSDEEP
  
  12288:zXCNi9BMd9VUPyb3Pzcq2YLBZ9TcJIcVyo9bnhg:2W+9VZLP1rLBZ9TGIiy2bhg
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer