84ea4942272e39177179e5dde1151cb8bf7cd8c586f2a838d77053faf1b99227 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84ea4942272e39177179e5dde1151cb8bf7cd8c586f2a838d77053faf1b99227
Size

785KB
Sample

221124-fpgkssah28
MD5

bace0c9e200cfd06d6e35c9687a45fc9
SHA1

c745e0607fb5680869019a86a45c07bf3676a1c2
SHA256

84ea4942272e39177179e5dde1151cb8bf7cd8c586f2a838d77053faf1b99227
SHA512

528904f2e46da5fa050c111fbcc90982b0a6ecd6410dfb9f955b61e24506b6cb5124bd9b0959fcfa3e88cb4119cd423612130fd24016e6dd784c3a1906d41302
SSDEEP

12288:h1OgLdaOgFF1Pjzs3n1CJ7EM4KIc8YFW3vegGzMyyD0rcXPaOGO:h1OYdaOGjfen1Y6KIc8dPD

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  84ea4942272e39177179e5dde1151cb8bf7cd8c586f2a838d77053faf1b99227
- Size
  
  785KB
- MD5
  
  bace0c9e200cfd06d6e35c9687a45fc9
- SHA1
  
  c745e0607fb5680869019a86a45c07bf3676a1c2
- SHA256
  
  84ea4942272e39177179e5dde1151cb8bf7cd8c586f2a838d77053faf1b99227
- SHA512
  
  528904f2e46da5fa050c111fbcc90982b0a6ecd6410dfb9f955b61e24506b6cb5124bd9b0959fcfa3e88cb4119cd423612130fd24016e6dd784c3a1906d41302
- SSDEEP
  
  12288:h1OgLdaOgFF1Pjzs3n1CJ7EM4KIc8YFW3vegGzMyyD0rcXPaOGO:h1OYdaOGjfen1Y6KIc8dPD
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer