68ee10fac62102b69aa015f336d259539f3590078facf6a23d71c811e65771f3 | Triage

Sharing

General

Target

68ee10fac62102b69aa015f336d259539f3590078facf6a23d71c811e65771f3
Size

924KB
Sample

221124-gwk28sge6w
MD5

c9ac571ce0221dfd503d8cf6cbcf89d5
SHA1

adcd2e32d13bbd4d2a11de03f0d4c3bb317ab0e7
SHA256

68ee10fac62102b69aa015f336d259539f3590078facf6a23d71c811e65771f3
SHA512

5ee849eaa738b53b12d15cea8dc8d3dc4be6c44ef5445f0995fad5ce0bc3fa3ab3b51b3bf4c26470b23525f088817c798a00c38534005b95e72d3ae31c1b7f2f
SSDEEP

24576:h1OYdaOffC5S9N6w6EVX1Lh+mN5Z4E8IlIyYuXc:h1OsSMN6wdBh5N5Z4E8PuXc

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  68ee10fac62102b69aa015f336d259539f3590078facf6a23d71c811e65771f3
- Size
  
  924KB
- MD5
  
  c9ac571ce0221dfd503d8cf6cbcf89d5
- SHA1
  
  adcd2e32d13bbd4d2a11de03f0d4c3bb317ab0e7
- SHA256
  
  68ee10fac62102b69aa015f336d259539f3590078facf6a23d71c811e65771f3
- SHA512
  
  5ee849eaa738b53b12d15cea8dc8d3dc4be6c44ef5445f0995fad5ce0bc3fa3ab3b51b3bf4c26470b23525f088817c798a00c38534005b95e72d3ae31c1b7f2f
- SSDEEP
  
  24576:h1OYdaOffC5S9N6w6EVX1Lh+mN5Z4E8IlIyYuXc:h1OsSMN6wdBh5N5Z4E8PuXc
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer