072a5598ea9b1b9f138815318055adc633968f1c84aecf3f86e4f4ee06ee51c9 | Triage

Sharing

General

Target

072a5598ea9b1b9f138815318055adc633968f1c84aecf3f86e4f4ee06ee51c9
Size

484KB
Sample

221030-vkbajsbae3
MD5

821c00aa113eec1bad3d4e54e2972d90
SHA1

3990bddcf34ad33a522ad51df6747054b2247ea2
SHA256

072a5598ea9b1b9f138815318055adc633968f1c84aecf3f86e4f4ee06ee51c9
SHA512

97ef34c352eb5ca1a6efd63dd74193031a3881e6a2fcedb0c6464a8c9efdf33341b67517ca7e2b14d25a9dc9440321afbf76c2546a5ea2f66af5e2be6355a52c
SSDEEP

768:46lJ40YEiiCGMGHG7e01yzx611pvy9BtNQJt/2e4fYsPI:Pk0Yhyr93NQJtZ36I

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  072a5598ea9b1b9f138815318055adc633968f1c84aecf3f86e4f4ee06ee51c9
- Size
  
  484KB
- MD5
  
  821c00aa113eec1bad3d4e54e2972d90
- SHA1
  
  3990bddcf34ad33a522ad51df6747054b2247ea2
- SHA256
  
  072a5598ea9b1b9f138815318055adc633968f1c84aecf3f86e4f4ee06ee51c9
- SHA512
  
  97ef34c352eb5ca1a6efd63dd74193031a3881e6a2fcedb0c6464a8c9efdf33341b67517ca7e2b14d25a9dc9440321afbf76c2546a5ea2f66af5e2be6355a52c
- SSDEEP
  
  768:46lJ40YEiiCGMGHG7e01yzx611pvy9BtNQJt/2e4fYsPI:Pk0Yhyr93NQJtZ36I
Score

8^/10

persistence spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer