a7f21ecf4cf7f47ce4118cea14377db5f850eb86681c6ef31a85ef923071cb93 | Triage

Sharing

General

Target

a7f21ecf4cf7f47ce4118cea14377db5f850eb86681c6ef31a85ef923071cb93
Size

121KB
Sample

221124-ar6d2sfb79
MD5

0a7aa243845b1a597bf3138f0bcb0ce8
SHA1

569d53e28f34d6545baa43e59cc222fa57851ad5
SHA256

a7f21ecf4cf7f47ce4118cea14377db5f850eb86681c6ef31a85ef923071cb93
SHA512

7876f1b9fff584709f80e511585c42b80a27478ef87edbde63129fdba97641150d3306fc02ee18762333e796736f5bd410b175db4a77a48c1e363feead56ba24
SSDEEP

1536:/BOWsrz8VuJlMXaDuiNik1JCXf3l9izMfUBRq/YxiLvxnjXIRXMMGBkyJMjZROYc:/By8ulMXaKpNf3wRqQxKvxnsRcaC

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  a7f21ecf4cf7f47ce4118cea14377db5f850eb86681c6ef31a85ef923071cb93
- Size
  
  121KB
- MD5
  
  0a7aa243845b1a597bf3138f0bcb0ce8
- SHA1
  
  569d53e28f34d6545baa43e59cc222fa57851ad5
- SHA256
  
  a7f21ecf4cf7f47ce4118cea14377db5f850eb86681c6ef31a85ef923071cb93
- SHA512
  
  7876f1b9fff584709f80e511585c42b80a27478ef87edbde63129fdba97641150d3306fc02ee18762333e796736f5bd410b175db4a77a48c1e363feead56ba24
- SSDEEP
  
  1536:/BOWsrz8VuJlMXaDuiNik1JCXf3l9izMfUBRq/YxiLvxnjXIRXMMGBkyJMjZROYc:/By8ulMXaKpNf3wRqQxKvxnsRcaC
Score

8^/10

spyware stealer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2