58ee0b2407d0635e26a06b385b7e1b46d028ada1c7870b0e568f9fe2fbb5e4cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58ee0b2407d0635e26a06b385b7e1b46d028ada1c7870b0e568f9fe2fbb5e4cb
Size

192KB
Sample

221106-njzhesbgbj
MD5

1f874cba8237160535ec495a781ba22d
SHA1

ba5a5a754584fc205d3b16133ac6ee5b77544643
SHA256

58ee0b2407d0635e26a06b385b7e1b46d028ada1c7870b0e568f9fe2fbb5e4cb
SHA512

e4cdcbcc809fae13d3f2e7cf903370fde1a35b2b6f923eb7752e8f0a88ec8e73913480d43a7978934cfb99d47e169f5f2471119284cfc1afb7e5ac360b97483c
SSDEEP

3072:5f2+b0QUvhzaW3LYZmhjU6zloI4b4eI4weQ50zGQS2Qmuuy2Fw7deCkTu6bFu:V8p57YZ8jUMlrb3e807QPxjyS

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  58ee0b2407d0635e26a06b385b7e1b46d028ada1c7870b0e568f9fe2fbb5e4cb
- Size
  
  192KB
- MD5
  
  1f874cba8237160535ec495a781ba22d
- SHA1
  
  ba5a5a754584fc205d3b16133ac6ee5b77544643
- SHA256
  
  58ee0b2407d0635e26a06b385b7e1b46d028ada1c7870b0e568f9fe2fbb5e4cb
- SHA512
  
  e4cdcbcc809fae13d3f2e7cf903370fde1a35b2b6f923eb7752e8f0a88ec8e73913480d43a7978934cfb99d47e169f5f2471119284cfc1afb7e5ac360b97483c
- SSDEEP
  
  3072:5f2+b0QUvhzaW3LYZmhjU6zloI4b4eI4weQ50zGQS2Qmuuy2Fw7deCkTu6bFu:V8p57YZ8jUMlrb3e807QPxjyS
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2