bd62af2ebe157658da1bb4150df492e013fcdabc98d52da2c7a45ec88f34843e | Triage

Sharing

General

Target

bd62af2ebe157658da1bb4150df492e013fcdabc98d52da2c7a45ec88f34843e
Size

89KB
Sample

221107-zqv95ahbg4
MD5

0bbf7c9c3c645d4105e42495f1d12810
SHA1

8eeb257c15a92baaaaca114ec4c2e250915950a1
SHA256

bd62af2ebe157658da1bb4150df492e013fcdabc98d52da2c7a45ec88f34843e
SHA512

fab44799bdb8ac756241dcd719853b66cde4afe58ad26bb693660706c4828cde6747e8d9a34f6d83891ce9b580c5f7d1599bff116014cabd5133412a5ad9437a
SSDEEP

1536:u7qnkAQtSaoGo5n4iLG0/WM6TnHSaYqemmjx73ZD5tN:/CSjGoLpWM65lmjx73h

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  bd62af2ebe157658da1bb4150df492e013fcdabc98d52da2c7a45ec88f34843e
- Size
  
  89KB
- MD5
  
  0bbf7c9c3c645d4105e42495f1d12810
- SHA1
  
  8eeb257c15a92baaaaca114ec4c2e250915950a1
- SHA256
  
  bd62af2ebe157658da1bb4150df492e013fcdabc98d52da2c7a45ec88f34843e
- SHA512
  
  fab44799bdb8ac756241dcd719853b66cde4afe58ad26bb693660706c4828cde6747e8d9a34f6d83891ce9b580c5f7d1599bff116014cabd5133412a5ad9437a
- SSDEEP
  
  1536:u7qnkAQtSaoGo5n4iLG0/WM6TnHSaYqemmjx73ZD5tN:/CSjGoLpWM65lmjx73h
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer