feed1293132c1acc29b7883a303115db0b51f282981ce3189fb03d376d5d71b4 | Triage

Sharing

General

Target

feed1293132c1acc29b7883a303115db0b51f282981ce3189fb03d376d5d71b4
Size

920KB
Sample

221124-tv77lafa66
MD5

53c9bca267f05528775e9ea417f8d3ab
SHA1

b4affd310aee3c83075bcf7bfec493d5a72b3717
SHA256

feed1293132c1acc29b7883a303115db0b51f282981ce3189fb03d376d5d71b4
SHA512

73e92c5453280d0d9157be9353229ca0b4f3a00e61e161a5a65f43dddaf3d06a50d4259d5b1376a268e50ccd140ef5881cc0323f5acbe909eecf2c05d6caea3c
SSDEEP

24576:h1OYdaOrMtdHAqcdDVhYwiei7+EpFAh/kKm:h1OsqPHVmVhYwiLtKkKm

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  feed1293132c1acc29b7883a303115db0b51f282981ce3189fb03d376d5d71b4
- Size
  
  920KB
- MD5
  
  53c9bca267f05528775e9ea417f8d3ab
- SHA1
  
  b4affd310aee3c83075bcf7bfec493d5a72b3717
- SHA256
  
  feed1293132c1acc29b7883a303115db0b51f282981ce3189fb03d376d5d71b4
- SHA512
  
  73e92c5453280d0d9157be9353229ca0b4f3a00e61e161a5a65f43dddaf3d06a50d4259d5b1376a268e50ccd140ef5881cc0323f5acbe909eecf2c05d6caea3c
- SSDEEP
  
  24576:h1OYdaOrMtdHAqcdDVhYwiei7+EpFAh/kKm:h1OsqPHVmVhYwiLtKkKm
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer