481d92e94ce11b2eb989ca3f4d708d49a686ddddda45c25e84c6bff3e0d82792 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

481d92e94ce11b2eb989ca3f4d708d49a686ddddda45c25e84c6bff3e0d82792
Size

344KB
Sample

221107-xgl9rafadr
MD5

026306a114a575d4a2dc3fbd06c74b9a
SHA1

e4d01adf0e2240504fbd729fa0f006c5bd229bf4
SHA256

481d92e94ce11b2eb989ca3f4d708d49a686ddddda45c25e84c6bff3e0d82792
SHA512

f385ad2d1f719aa079c8788b30519da8033202c8e599551228bb30ff00bd04099fb77b988417d5b3eae222dae5b93082c2de8c0ccd5a875124fc0ad4d703f5d2
SSDEEP

6144:A/T3zd9AVAixibDqwbKhqjX9kjeKHYFqoECLrLnZF7tGUP+BgkTbXD/3/:A/XM4DShe9EcHPLrLZ5AICgkTP3/

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  481d92e94ce11b2eb989ca3f4d708d49a686ddddda45c25e84c6bff3e0d82792
- Size
  
  344KB
- MD5
  
  026306a114a575d4a2dc3fbd06c74b9a
- SHA1
  
  e4d01adf0e2240504fbd729fa0f006c5bd229bf4
- SHA256
  
  481d92e94ce11b2eb989ca3f4d708d49a686ddddda45c25e84c6bff3e0d82792
- SHA512
  
  f385ad2d1f719aa079c8788b30519da8033202c8e599551228bb30ff00bd04099fb77b988417d5b3eae222dae5b93082c2de8c0ccd5a875124fc0ad4d703f5d2
- SSDEEP
  
  6144:A/T3zd9AVAixibDqwbKhqjX9kjeKHYFqoECLrLnZF7tGUP+BgkTbXD/3/:A/XM4DShe9EcHPLrLZ5AICgkTP3/
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2