7ac4ba6a0c6fcc5e815308e7a27b0b2148f9e7642651092db997ca178a024c3d | Triage

Sharing

General

Target

file
Size

793KB
Sample

221124-vd18dsbd8w
MD5

e20a655b86160ccf447335a2c46f26b5
SHA1

d4ab242cb31486f3157e671c66a6928877153e33
SHA256

7ac4ba6a0c6fcc5e815308e7a27b0b2148f9e7642651092db997ca178a024c3d
SHA512

96d5d459c5788dea9c497a1bb8152caeb43595b768e5d432896dff2dceafc0abd2eadff6f9b3356882ff9530a795101191b07f91932eb346c05a2d9183356a73
SSDEEP

24576:hLAt3ieGOGoNOcfLtAz2QFPlePWBoytIj:te/VNLFIAPxGY

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  file
- Size
  
  793KB
- MD5
  
  e20a655b86160ccf447335a2c46f26b5
- SHA1
  
  d4ab242cb31486f3157e671c66a6928877153e33
- SHA256
  
  7ac4ba6a0c6fcc5e815308e7a27b0b2148f9e7642651092db997ca178a024c3d
- SHA512
  
  96d5d459c5788dea9c497a1bb8152caeb43595b768e5d432896dff2dceafc0abd2eadff6f9b3356882ff9530a795101191b07f91932eb346c05a2d9183356a73
- SSDEEP
  
  24576:hLAt3ieGOGoNOcfLtAz2QFPlePWBoytIj:te/VNLFIAPxGY
Score

8^/10

persistence spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2