ceb8b97dea3570119c080df966dee5ce3b00efd81c9fa6e4044ab7db084172bc | Triage

Sharing

General

Target

ceb8b97dea3570119c080df966dee5ce3b00efd81c9fa6e4044ab7db084172bc
Size

932KB
Sample

221124-xpj5csch99
MD5

372c4d2ceeaeb78ad560cad01320e88c
SHA1

8e3c30cceb8b312d13a7f103cd5242458700f961
SHA256

ceb8b97dea3570119c080df966dee5ce3b00efd81c9fa6e4044ab7db084172bc
SHA512

896351b2ffc5a1fa8d76cf5613ca58f7d2e87875adf7c080f7080b9ae179d99b494ccccd3418a776f13095e233c668356b501c541b924250a0585f06b00e6d15
SSDEEP

24576:h1OYdaOuCZ/iWCvu/2sWsJA/jlt+DHhsN:h1Os0CpYO/dJJDHhsN

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ceb8b97dea3570119c080df966dee5ce3b00efd81c9fa6e4044ab7db084172bc
- Size
  
  932KB
- MD5
  
  372c4d2ceeaeb78ad560cad01320e88c
- SHA1
  
  8e3c30cceb8b312d13a7f103cd5242458700f961
- SHA256
  
  ceb8b97dea3570119c080df966dee5ce3b00efd81c9fa6e4044ab7db084172bc
- SHA512
  
  896351b2ffc5a1fa8d76cf5613ca58f7d2e87875adf7c080f7080b9ae179d99b494ccccd3418a776f13095e233c668356b501c541b924250a0585f06b00e6d15
- SSDEEP
  
  24576:h1OYdaOuCZ/iWCvu/2sWsJA/jlt+DHhsN:h1Os0CpYO/dJJDHhsN
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer