fc22fbdb473278776705e3e0112b041e911d3c498673ebe57842255dab44619b | Triage

Sharing

General

Target

fc22fbdb473278776705e3e0112b041e911d3c498673ebe57842255dab44619b
Size

931KB
Sample

221124-t16kysaf5t
MD5

744d4d9c13e02f420fb8c8f08739104d
SHA1

816fe7ec3f216ff2c1fee369f886b358fd5a8fa7
SHA256

fc22fbdb473278776705e3e0112b041e911d3c498673ebe57842255dab44619b
SHA512

1a5a9ebe5af47b2000d7cec6d1aa645eb96b651eea564d4e17f02223babfc41af1fcd025429b2fd4a4ae434e6cdc0559601bb5b6ee5a970b3d8ffbda14ceff50
SSDEEP

24576:h1OYdaOrCZ/iWCvu/2sWsJA/jlt+DHhs0:h1OsBCpYO/dJJDHhs0

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  fc22fbdb473278776705e3e0112b041e911d3c498673ebe57842255dab44619b
- Size
  
  931KB
- MD5
  
  744d4d9c13e02f420fb8c8f08739104d
- SHA1
  
  816fe7ec3f216ff2c1fee369f886b358fd5a8fa7
- SHA256
  
  fc22fbdb473278776705e3e0112b041e911d3c498673ebe57842255dab44619b
- SHA512
  
  1a5a9ebe5af47b2000d7cec6d1aa645eb96b651eea564d4e17f02223babfc41af1fcd025429b2fd4a4ae434e6cdc0559601bb5b6ee5a970b3d8ffbda14ceff50
- SSDEEP
  
  24576:h1OYdaOrCZ/iWCvu/2sWsJA/jlt+DHhs0:h1OsBCpYO/dJJDHhs0
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer