ca0c21bc329eaee8f90698d60a96d1bb2e9e84f1bb9c2c7c259030be8fc30945 | Triage

Sharing

General

Target

ca0c21bc329eaee8f90698d60a96d1bb2e9e84f1bb9c2c7c259030be8fc30945
Size

931KB
Sample

221124-xzemmagf7y
MD5

9f4d9865b39b44eb4066477491f6ed85
SHA1

d0f871b61aa21851e6862d9e3d9db90fdde2dfe7
SHA256

ca0c21bc329eaee8f90698d60a96d1bb2e9e84f1bb9c2c7c259030be8fc30945
SHA512

818f30b3583784557e58cbc3551896b19a7497d59ebee005510895650d1e7b4309ffc06639b70a656c1ecc2219dd93cc2e8014b12908e53a18a4b28437702161
SSDEEP

24576:h1OYdaOGCZ/iWCvu/2sWsJA/jlt+DHhsE:h1OsMCpYO/dJJDHhsE

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ca0c21bc329eaee8f90698d60a96d1bb2e9e84f1bb9c2c7c259030be8fc30945
- Size
  
  931KB
- MD5
  
  9f4d9865b39b44eb4066477491f6ed85
- SHA1
  
  d0f871b61aa21851e6862d9e3d9db90fdde2dfe7
- SHA256
  
  ca0c21bc329eaee8f90698d60a96d1bb2e9e84f1bb9c2c7c259030be8fc30945
- SHA512
  
  818f30b3583784557e58cbc3551896b19a7497d59ebee005510895650d1e7b4309ffc06639b70a656c1ecc2219dd93cc2e8014b12908e53a18a4b28437702161
- SSDEEP
  
  24576:h1OYdaOGCZ/iWCvu/2sWsJA/jlt+DHhsE:h1OsMCpYO/dJJDHhsE
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer