fb9a0790e6e99e30dd8a155f685f71d98d3352130d379ad78c64770468e87128 | Triage

Sharing

General

Target

fb9a0790e6e99e30dd8a155f685f71d98d3352130d379ad78c64770468e87128
Size

920KB
Sample

221124-t27veafd99
MD5

c44f1b4c1494e12d0f0c6aa63baecc13
SHA1

c14a010671c4d17ac47c870b0a36ebc5ebaf68c8
SHA256

fb9a0790e6e99e30dd8a155f685f71d98d3352130d379ad78c64770468e87128
SHA512

e6f3793c71d4d9007772808fa7282a83c75f2ac45a2330325abcfc6c5a8c59fad5d70a87f80a5b25e0c873719749628bf1bffc27a8c1e8794d058c2418225fc9
SSDEEP

24576:h1OYdaOVMtdHAqcdDVhYwiei7+EpFAh/kKL:h1OsMPHVmVhYwiLtKkKL

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  fb9a0790e6e99e30dd8a155f685f71d98d3352130d379ad78c64770468e87128
- Size
  
  920KB
- MD5
  
  c44f1b4c1494e12d0f0c6aa63baecc13
- SHA1
  
  c14a010671c4d17ac47c870b0a36ebc5ebaf68c8
- SHA256
  
  fb9a0790e6e99e30dd8a155f685f71d98d3352130d379ad78c64770468e87128
- SHA512
  
  e6f3793c71d4d9007772808fa7282a83c75f2ac45a2330325abcfc6c5a8c59fad5d70a87f80a5b25e0c873719749628bf1bffc27a8c1e8794d058c2418225fc9
- SSDEEP
  
  24576:h1OYdaOVMtdHAqcdDVhYwiei7+EpFAh/kKL:h1OsMPHVmVhYwiLtKkKL
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer