b7270d5ed353bd60aa1289ffe18dea19dca27c1840f41cc7e39f4533fc5bd13c | Triage

Sharing

General

Target

b7270d5ed353bd60aa1289ffe18dea19dca27c1840f41cc7e39f4533fc5bd13c
Size

243KB
Sample

221124-e6n6jacf2s
MD5

58361579081487da6db73c5c58ab6af7
SHA1

935c33cc4420afc4d6910bda37838c8353de3338
SHA256

b7270d5ed353bd60aa1289ffe18dea19dca27c1840f41cc7e39f4533fc5bd13c
SHA512

18c11a9aeb37a51027adafcb20ea4ceb9a4ea33c93a886d1d6b34f35e517695fbaa4d4ce75c98fb8dfb6e0d6a6a198592ca377f21693910960b09f31fb17a66c
SSDEEP

6144:1QqCMznO9XDHdrmlopP4hc1HGr+mI7eR/LPZo/mSNywkB:+yYLolwPoc1HvxCRrZo/94B

Score

9^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  b7270d5ed353bd60aa1289ffe18dea19dca27c1840f41cc7e39f4533fc5bd13c
- Size
  
  243KB
- MD5
  
  58361579081487da6db73c5c58ab6af7
- SHA1
  
  935c33cc4420afc4d6910bda37838c8353de3338
- SHA256
  
  b7270d5ed353bd60aa1289ffe18dea19dca27c1840f41cc7e39f4533fc5bd13c
- SHA512
  
  18c11a9aeb37a51027adafcb20ea4ceb9a4ea33c93a886d1d6b34f35e517695fbaa4d4ce75c98fb8dfb6e0d6a6a198592ca377f21693910960b09f31fb17a66c
- SSDEEP
  
  6144:1QqCMznO9XDHdrmlopP4hc1HGr+mI7eR/LPZo/mSNywkB:+yYLolwPoc1HvxCRrZo/94B
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer