e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031 | Triage

Sharing

General

Target

e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031
Size

76KB
Sample

221124-whxansae97
MD5

c5ca1f7f8bbe72dfcbfe371589e13ea7
SHA1

bda4a59da1bdce3d205a4bfb5fcf6c462d0a0792
SHA256

e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031
SHA512

c1a64e19c12c03fdc8b716a78f256552036ff20ed56a5df3eff96f85e9e28f73282cca08f529cd48ea4bf65de17a8f6d861cf9e5b5f45961089f9490bcec1bbc
SSDEEP

1536:9W8QnR+yvHeZT71FeKtqT0Rqz/mp1tKIUjt:wRmT5FXqgIyp1tKLjt

Score

10^/10

persistence spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
overcomer123

Targets

- Target
  
  e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031
- Size
  
  76KB
- MD5
  
  c5ca1f7f8bbe72dfcbfe371589e13ea7
- SHA1
  
  bda4a59da1bdce3d205a4bfb5fcf6c462d0a0792
- SHA256
  
  e282d7499eeb5510edc61debee35c3fc83a785a944e2f487bd470590f6c1a031
- SHA512
  
  c1a64e19c12c03fdc8b716a78f256552036ff20ed56a5df3eff96f85e9e28f73282cca08f529cd48ea4bf65de17a8f6d861cf9e5b5f45961089f9490bcec1bbc
- SSDEEP
  
  1536:9W8QnR+yvHeZT71FeKtqT0Rqz/mp1tKIUjt:wRmT5FXqgIyp1tKLjt
Score

10^/10

persistence spyware stealer
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2