c50b17484cadcea044646d0c8792801004c1e03b41cfb52137de09233a848cd8 | Triage

Sharing

General

Target

c50b17484cadcea044646d0c8792801004c1e03b41cfb52137de09233a848cd8
Size

931KB
Sample

221124-x9wznahc9t
MD5

ae4f3ea3810b80b85c8da22fe23127d7
SHA1

fc0bdb9e81ceac5f9b0090755cc836c085e4bb28
SHA256

c50b17484cadcea044646d0c8792801004c1e03b41cfb52137de09233a848cd8
SHA512

2e9e3b950a40a4bee915924bdfab3f0c730b38c6c44c34760fc4f9205060e373b625aa6eeded1b3b56e118fabbc1d240f3685a47334d62bd82bce1ddcfad7ae3
SSDEEP

24576:h1OYdaOuCZ/iWCvu/2sWsJA/jlt+DHhs2:h1OsoCpYO/dJJDHhs2

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c50b17484cadcea044646d0c8792801004c1e03b41cfb52137de09233a848cd8
- Size
  
  931KB
- MD5
  
  ae4f3ea3810b80b85c8da22fe23127d7
- SHA1
  
  fc0bdb9e81ceac5f9b0090755cc836c085e4bb28
- SHA256
  
  c50b17484cadcea044646d0c8792801004c1e03b41cfb52137de09233a848cd8
- SHA512
  
  2e9e3b950a40a4bee915924bdfab3f0c730b38c6c44c34760fc4f9205060e373b625aa6eeded1b3b56e118fabbc1d240f3685a47334d62bd82bce1ddcfad7ae3
- SSDEEP
  
  24576:h1OYdaOuCZ/iWCvu/2sWsJA/jlt+DHhs2:h1OsoCpYO/dJJDHhs2
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer