a3fd121fe81cefead37cc3e48ac8f1d8bac7e2b8701557928373ae9f41b5d890 | Triage

Resubmissions

29/10/2022, 20:40

221029-zfw4nsebh4 7

29/10/2022, 20:36

221029-zdyjqaegej 7

Sharing

General

Target

nitro_buyer_raresXarabs_v2.exe
Size

60.7MB
Sample

221029-zdyjqaegej
MD5

05f46bf07740d6c3232d4772ab3d175b
SHA1

15e541668c8878269b6b187cd5d53660797d41ff
SHA256

a3fd121fe81cefead37cc3e48ac8f1d8bac7e2b8701557928373ae9f41b5d890
SHA512

fa7714cc48525f3d7eb874d3370fd0a6bb4c71dc2585cb83ece674056bee38dc1769e0034861375a5ab72823fb299cb8ca879e4ce816a23e9af9ac158d16fbb1
SSDEEP

786432:RcK4tdEBDsZD8gtrYkI8TZ31SxHOhjWuR2vMRHnNhG3y1GZP2o1:R700AZDztzTZlOOhX2vMRHnW3Zh2o1

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  nitro_buyer_raresXarabs_v2.exe
- Size
  
  60.7MB
- MD5
  
  05f46bf07740d6c3232d4772ab3d175b
- SHA1
  
  15e541668c8878269b6b187cd5d53660797d41ff
- SHA256
  
  a3fd121fe81cefead37cc3e48ac8f1d8bac7e2b8701557928373ae9f41b5d890
- SHA512
  
  fa7714cc48525f3d7eb874d3370fd0a6bb4c71dc2585cb83ece674056bee38dc1769e0034861375a5ab72823fb299cb8ca879e4ce816a23e9af9ac158d16fbb1
- SSDEEP
  
  786432:RcK4tdEBDsZD8gtrYkI8TZ31SxHOhjWuR2vMRHnNhG3y1GZP2o1:R700AZDztzTZlOOhX2vMRHnW3Zh2o1
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2