3ae0a792dfc52a2e0af92eae76222ea3d00196bd92ee6bacaeed57338b079489 | Triage

Sharing

General

Target

3ae0a792dfc52a2e0af92eae76222ea3d00196bd92ee6bacaeed57338b079489
Size

75KB
Sample

221123-lwqd6sfh2y
MD5

9c6444dff31d5faebd5f6178ea06405b
SHA1

a37e10283bc8e2cbfde7c59c56c8e63fa965cea5
SHA256

3ae0a792dfc52a2e0af92eae76222ea3d00196bd92ee6bacaeed57338b079489
SHA512

63fa6cfa4316854497e1afc8d8c16d86f3bfc17d0bb98e7dbf368dd34bd6ab163f2e5086b93bce8da1eb9ba63831da2275d7a678e5bb94f27187841a20e695c2
SSDEEP

1536:kjrqL9dAlxVGAZ+cpIbVuSCc98Sad7xaY1gnOIqjybLm77D:kj2hdAlxUAVIbiu4EYeOxy+XD

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  3ae0a792dfc52a2e0af92eae76222ea3d00196bd92ee6bacaeed57338b079489
- Size
  
  75KB
- MD5
  
  9c6444dff31d5faebd5f6178ea06405b
- SHA1
  
  a37e10283bc8e2cbfde7c59c56c8e63fa965cea5
- SHA256
  
  3ae0a792dfc52a2e0af92eae76222ea3d00196bd92ee6bacaeed57338b079489
- SHA512
  
  63fa6cfa4316854497e1afc8d8c16d86f3bfc17d0bb98e7dbf368dd34bd6ab163f2e5086b93bce8da1eb9ba63831da2275d7a678e5bb94f27187841a20e695c2
- SSDEEP
  
  1536:kjrqL9dAlxVGAZ+cpIbVuSCc98Sad7xaY1gnOIqjybLm77D:kj2hdAlxUAVIbiu4EYeOxy+XD
Score

7^/10

persistence spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer