c2f8a5d149a892e718f164a8a5026fac9960eafce28184b4f51c9543f7764fe8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2f8a5d149a892e718f164a8a5026fac9960eafce28184b4f51c9543f7764fe8
Size

770KB
Sample

221124-fhrr7add8z
MD5

f025afdfae0f699082d26919f2b9cbd0
SHA1

9caf375b285f2031609ef8aba1b2fb8e60322699
SHA256

c2f8a5d149a892e718f164a8a5026fac9960eafce28184b4f51c9543f7764fe8
SHA512

525915ea516237da123cf1d6b67fb597dca368de5eb219241ea2c75d7185134ac906bbf07dda55b7c6c723db525c0e8efe588ded5fcb7b347f14ab8398258018
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5McpukdtqCo5imi5SIbSocpzWzZ+v9Z94Aq9SDkncvxVa:h1OgLdaOFSConAwWcv9nq9JcjToFM4t7

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c2f8a5d149a892e718f164a8a5026fac9960eafce28184b4f51c9543f7764fe8
- Size
  
  770KB
- MD5
  
  f025afdfae0f699082d26919f2b9cbd0
- SHA1
  
  9caf375b285f2031609ef8aba1b2fb8e60322699
- SHA256
  
  c2f8a5d149a892e718f164a8a5026fac9960eafce28184b4f51c9543f7764fe8
- SHA512
  
  525915ea516237da123cf1d6b67fb597dca368de5eb219241ea2c75d7185134ac906bbf07dda55b7c6c723db525c0e8efe588ded5fcb7b347f14ab8398258018
- SSDEEP
  
  6144:h1OgDPdkBAFZWjadD4s5McpukdtqCo5imi5SIbSocpzWzZ+v9Z94Aq9SDkncvxVa:h1OgLdaOFSConAwWcv9nq9JcjToFM4t7
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer