0f67a36b851e12e5073b17211a53912f42a8dd0986d58174caea14c59a5dd7ef | Triage

Sharing

General

Target

0f67a36b851e12e5073b17211a53912f42a8dd0986d58174caea14c59a5dd7ef
Size

930KB
Sample

221124-gkd5jsfg61
MD5

c94bbd13c8071c810c6924b76b60cfd2
SHA1

852ad2a9bc8d440835c8f3e66b2dfc13b61c1b87
SHA256

0f67a36b851e12e5073b17211a53912f42a8dd0986d58174caea14c59a5dd7ef
SHA512

5eef1c83151578724791026a6f75ce48078673127e1e66a84f8f9d7a311a06172a029efa130bacc20fda5261d5eacb5571cce70e66ff56515d784ba72d73082e
SSDEEP

24576:h1OYdaOxMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpf9:h1OsDMWyUQ+GUVFIcHPvpf9

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  0f67a36b851e12e5073b17211a53912f42a8dd0986d58174caea14c59a5dd7ef
- Size
  
  930KB
- MD5
  
  c94bbd13c8071c810c6924b76b60cfd2
- SHA1
  
  852ad2a9bc8d440835c8f3e66b2dfc13b61c1b87
- SHA256
  
  0f67a36b851e12e5073b17211a53912f42a8dd0986d58174caea14c59a5dd7ef
- SHA512
  
  5eef1c83151578724791026a6f75ce48078673127e1e66a84f8f9d7a311a06172a029efa130bacc20fda5261d5eacb5571cce70e66ff56515d784ba72d73082e
- SSDEEP
  
  24576:h1OYdaOxMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpf9:h1OsDMWyUQ+GUVFIcHPvpf9
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer