ca184f8ef0161e4a5d1fb46962e8fdbae8a10e923d0e632d4172c511bce6b7dc | Triage

Sharing

General

Target

ca184f8ef0161e4a5d1fb46962e8fdbae8a10e923d0e632d4172c511bce6b7dc
Size

931KB
Sample

221124-xy8jbagf6w
MD5

9942461ee5fca4054f920822e307af4f
SHA1

4fe9d98dec0e40969b460c563470abd13b1402ef
SHA256

ca184f8ef0161e4a5d1fb46962e8fdbae8a10e923d0e632d4172c511bce6b7dc
SHA512

ed1b73fe7e2626a5819dc81963c6d9f12dc6f198219541432309a7015a8bb695428971b8adf2ea97dcd35fe018715168365a8da2e996768e4950003c4ad11ebc
SSDEEP

24576:h1OYdaOyCZ/iWCvu/2sWsJA/jlt+DHhs/:h1OsECpYO/dJJDHhs/

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ca184f8ef0161e4a5d1fb46962e8fdbae8a10e923d0e632d4172c511bce6b7dc
- Size
  
  931KB
- MD5
  
  9942461ee5fca4054f920822e307af4f
- SHA1
  
  4fe9d98dec0e40969b460c563470abd13b1402ef
- SHA256
  
  ca184f8ef0161e4a5d1fb46962e8fdbae8a10e923d0e632d4172c511bce6b7dc
- SHA512
  
  ed1b73fe7e2626a5819dc81963c6d9f12dc6f198219541432309a7015a8bb695428971b8adf2ea97dcd35fe018715168365a8da2e996768e4950003c4ad11ebc
- SSDEEP
  
  24576:h1OYdaOyCZ/iWCvu/2sWsJA/jlt+DHhs/:h1OsECpYO/dJJDHhs/
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer