cf2ef44ec8bb55fdd9ae370d0314de5ef060b8f4d89f2118feff255a9a5231b6 | Triage

Sharing

General

Target

cf2ef44ec8bb55fdd9ae370d0314de5ef060b8f4d89f2118feff255a9a5231b6
Size

931KB
Sample

221124-xnb3csga71
MD5

d99beb0c2d51736c572e8fdde7b2c686
SHA1

3c09df307f02c5677ce25258637bb384c1482262
SHA256

cf2ef44ec8bb55fdd9ae370d0314de5ef060b8f4d89f2118feff255a9a5231b6
SHA512

c1730837c21a6caf47b6fcb5819a3b933c7928ac129ed5ae2ecece43af5c8f7fb451931fa2719096b013c7b23424e9319890555bd6fd88ffb306954653d71064
SSDEEP

24576:h1OYdaOpCZ/iWCvu/2sWsJA/jlt+DHhsR:h1OsHCpYO/dJJDHhsR

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  cf2ef44ec8bb55fdd9ae370d0314de5ef060b8f4d89f2118feff255a9a5231b6
- Size
  
  931KB
- MD5
  
  d99beb0c2d51736c572e8fdde7b2c686
- SHA1
  
  3c09df307f02c5677ce25258637bb384c1482262
- SHA256
  
  cf2ef44ec8bb55fdd9ae370d0314de5ef060b8f4d89f2118feff255a9a5231b6
- SHA512
  
  c1730837c21a6caf47b6fcb5819a3b933c7928ac129ed5ae2ecece43af5c8f7fb451931fa2719096b013c7b23424e9319890555bd6fd88ffb306954653d71064
- SSDEEP
  
  24576:h1OYdaOpCZ/iWCvu/2sWsJA/jlt+DHhsR:h1OsHCpYO/dJJDHhsR
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer