e29943099580c74f763cd91fc5a40012da6002b87c10154d69d0cd9842c489bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e29943099580c74f763cd91fc5a40012da6002b87c10154d69d0cd9842c489bb
Size

931KB
Sample

221124-m5zvmsch8z
MD5

bc3bbfa0a227de0d4bbcdd9d48cf22c5
SHA1

e512843b72eadb89ab6ed18606e1db0a9992b5a4
SHA256

e29943099580c74f763cd91fc5a40012da6002b87c10154d69d0cd9842c489bb
SHA512

551403507d7cfc17a951646872d1dd87b8dc45ed58746fd416d20457420490d68cbe9937eddc7375994bba86361faf5765ac6d0880ccdf55c3308981dce6e766
SSDEEP

24576:h1OYdaOlMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpfi:h1OsrMWyUQ+GUVFIcHPvpfi

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  e29943099580c74f763cd91fc5a40012da6002b87c10154d69d0cd9842c489bb
- Size
  
  931KB
- MD5
  
  bc3bbfa0a227de0d4bbcdd9d48cf22c5
- SHA1
  
  e512843b72eadb89ab6ed18606e1db0a9992b5a4
- SHA256
  
  e29943099580c74f763cd91fc5a40012da6002b87c10154d69d0cd9842c489bb
- SHA512
  
  551403507d7cfc17a951646872d1dd87b8dc45ed58746fd416d20457420490d68cbe9937eddc7375994bba86361faf5765ac6d0880ccdf55c3308981dce6e766
- SSDEEP
  
  24576:h1OYdaOlMWSUbvCXEQKSqGv8VWumF6RmcJozyPvpfi:h1OsrMWyUQ+GUVFIcHPvpfi
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer