c5640396dc2eabfd4ab85871b92138a38c75dce89d7fd634f93e2338a0334b7a | Triage

Sharing

General

Target

c5640396dc2eabfd4ab85871b92138a38c75dce89d7fd634f93e2338a0334b7a
Size

932KB
Sample

221124-x9ck1shc7s
MD5

9e9a72eb930b9ebab3608e4fe6673b2e
SHA1

1c9e5e1782eaf2a0dfb0af9a067a176abb1cc73b
SHA256

c5640396dc2eabfd4ab85871b92138a38c75dce89d7fd634f93e2338a0334b7a
SHA512

87c18a580f923c0b2b8bd9ced1def59499bcddaecbc344c631189a19c6b998f82af1afce0f46d4b33a785aba83bd22ba9c844f0ba1dd32df5de8c62bcb7770c8
SSDEEP

24576:h1OYdaOeCZ/iWCvu/2sWsJA/jlt+DHhsP:h1OsACpYO/dJJDHhsP

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c5640396dc2eabfd4ab85871b92138a38c75dce89d7fd634f93e2338a0334b7a
- Size
  
  932KB
- MD5
  
  9e9a72eb930b9ebab3608e4fe6673b2e
- SHA1
  
  1c9e5e1782eaf2a0dfb0af9a067a176abb1cc73b
- SHA256
  
  c5640396dc2eabfd4ab85871b92138a38c75dce89d7fd634f93e2338a0334b7a
- SHA512
  
  87c18a580f923c0b2b8bd9ced1def59499bcddaecbc344c631189a19c6b998f82af1afce0f46d4b33a785aba83bd22ba9c844f0ba1dd32df5de8c62bcb7770c8
- SSDEEP
  
  24576:h1OYdaOeCZ/iWCvu/2sWsJA/jlt+DHhsP:h1OsACpYO/dJJDHhsP
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer