8f7f4476d157fefcd825a1456d723eed79f51b132954915726b637fd992cfc4f | Triage

Sharing

General

Target

8f7f4476d157fefcd825a1456d723eed79f51b132954915726b637fd992cfc4f
Size

224KB
Sample

221124-ervprsbe51
MD5

68e7280a89fde79cdf42db10144734b0
SHA1

10cbe3651b21c15c009f123c4b694ddaff19d7df
SHA256

8f7f4476d157fefcd825a1456d723eed79f51b132954915726b637fd992cfc4f
SHA512

2406033cebb884bf6844362303cb6eba8c5740880447cf77d35b3fc6cb8b2629e0665bf048e21063fe9952473323586ef757718c4a230b3a3d0568f99788c95a
SSDEEP

3072:hg7wCSYVYptKi7jAh2hG/qWJ4ABoXKUQsaaQqb7VTPnDPymhkVSIWCnpeqQT:hPYG/ABqEBoVZb7NPLctpzQT

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  8f7f4476d157fefcd825a1456d723eed79f51b132954915726b637fd992cfc4f
- Size
  
  224KB
- MD5
  
  68e7280a89fde79cdf42db10144734b0
- SHA1
  
  10cbe3651b21c15c009f123c4b694ddaff19d7df
- SHA256
  
  8f7f4476d157fefcd825a1456d723eed79f51b132954915726b637fd992cfc4f
- SHA512
  
  2406033cebb884bf6844362303cb6eba8c5740880447cf77d35b3fc6cb8b2629e0665bf048e21063fe9952473323586ef757718c4a230b3a3d0568f99788c95a
- SSDEEP
  
  3072:hg7wCSYVYptKi7jAh2hG/qWJ4ABoXKUQsaaQqb7VTPnDPymhkVSIWCnpeqQT:hPYG/ABqEBoVZb7NPLctpzQT
Score

7^/10

discovery spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer