3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e | Triage

Sharing

General

Target

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e
Size

58KB
Sample

221124-arzw9sad4y
MD5

2fd8bd94ec8b0c1826993a7b51957810
SHA1

03fec5b4fae4b00f3a256d3d902f2a1562feb220
SHA256

3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e
SHA512

1d1478a97805b2052b5bce6c13d1b254439bb4943dfce2ff8f25e2b214f6130028488b72cec78da4747dccf4aba7f56c8e1dd01aef7d3c09a463c767481d05d4
SSDEEP

1536:PnXyAaYzMXqtGNttyUn01Q78a4RiZ/7Xn1nlMtI:PnCAaY46tGNttyJQ7KRiZ/7X1+tI

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e
- Size
  
  58KB
- MD5
  
  2fd8bd94ec8b0c1826993a7b51957810
- SHA1
  
  03fec5b4fae4b00f3a256d3d902f2a1562feb220
- SHA256
  
  3a05d5e25a465a553212056d9037d5c7b7e9565ba309961b57603457321cb01e
- SHA512
  
  1d1478a97805b2052b5bce6c13d1b254439bb4943dfce2ff8f25e2b214f6130028488b72cec78da4747dccf4aba7f56c8e1dd01aef7d3c09a463c767481d05d4
- SSDEEP
  
  1536:PnXyAaYzMXqtGNttyUn01Q78a4RiZ/7Xn1nlMtI:PnCAaY46tGNttyJQ7KRiZ/7X1+tI
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2