6efecc4e0da806742cd3e66b08ea7138ff802f90978f2328f4dc93bd6ac3b0bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6efecc4e0da806742cd3e66b08ea7138ff802f90978f2328f4dc93bd6ac3b0bc
Size

931KB
Sample

221124-j6c6gsah77
MD5

b790e4052c8e6e37338daed47fd210ad
SHA1

98e76c449a302b810a9a999cc33d43ec1262a3d8
SHA256

6efecc4e0da806742cd3e66b08ea7138ff802f90978f2328f4dc93bd6ac3b0bc
SHA512

b8ed1f4a5679c5e3450db9702e60e5e6e0415f69d40eff9b1c9503822a12dab40464a5d2d7922f7c370930806933ab1b0526c0f3d8f6df9180a61327a63a4e62
SSDEEP

24576:h1OYdaOyMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpfE:h1Os8MWyUQ+GUVFIcHPvpfE

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  6efecc4e0da806742cd3e66b08ea7138ff802f90978f2328f4dc93bd6ac3b0bc
- Size
  
  931KB
- MD5
  
  b790e4052c8e6e37338daed47fd210ad
- SHA1
  
  98e76c449a302b810a9a999cc33d43ec1262a3d8
- SHA256
  
  6efecc4e0da806742cd3e66b08ea7138ff802f90978f2328f4dc93bd6ac3b0bc
- SHA512
  
  b8ed1f4a5679c5e3450db9702e60e5e6e0415f69d40eff9b1c9503822a12dab40464a5d2d7922f7c370930806933ab1b0526c0f3d8f6df9180a61327a63a4e62
- SSDEEP
  
  24576:h1OYdaOyMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpfE:h1Os8MWyUQ+GUVFIcHPvpfE
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer