fe05802c5b08db9504a60a53834491a6c3928861d6c1cd699988cb4113750afe | Triage

Sharing

General

Target

fe05802c5b08db9504a60a53834491a6c3928861d6c1cd699988cb4113750afe
Size

920KB
Sample

221124-txrmmaad5z
MD5

0cb5fc9f1fd04958fb8ddcd96ba0b6db
SHA1

10ff682203b0a3c25bb1ee0d89eca7486880db1d
SHA256

fe05802c5b08db9504a60a53834491a6c3928861d6c1cd699988cb4113750afe
SHA512

83df89ce34816e83f541a592a6606778918cc46d1fda126f1c2904647f3c4f51107bf844072bfa222b95e036281f75d2274f94ed98f8b80a34045c0467fb54f1
SSDEEP

24576:h1OYdaOkMtdHAqcdDVhYwiei7+EpFAh/kKe:h1OsFPHVmVhYwiLtKkKe

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  fe05802c5b08db9504a60a53834491a6c3928861d6c1cd699988cb4113750afe
- Size
  
  920KB
- MD5
  
  0cb5fc9f1fd04958fb8ddcd96ba0b6db
- SHA1
  
  10ff682203b0a3c25bb1ee0d89eca7486880db1d
- SHA256
  
  fe05802c5b08db9504a60a53834491a6c3928861d6c1cd699988cb4113750afe
- SHA512
  
  83df89ce34816e83f541a592a6606778918cc46d1fda126f1c2904647f3c4f51107bf844072bfa222b95e036281f75d2274f94ed98f8b80a34045c0467fb54f1
- SSDEEP
  
  24576:h1OYdaOkMtdHAqcdDVhYwiei7+EpFAh/kKe:h1OsFPHVmVhYwiLtKkKe
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer