c4b0f8eaf3ee0c72aeb76d1c0d4ebfa90a0dda4cc7034891fc17c2691f98e8ad | Triage

Sharing

General

Target

c4b0f8eaf3ee0c72aeb76d1c0d4ebfa90a0dda4cc7034891fc17c2691f98e8ad
Size

919KB
Sample

221124-yapxqshd5x
MD5

616711ff3d42bcec2636a7c437e300c8
SHA1

9143f7d380470101abe9828ea98c9c556546605c
SHA256

c4b0f8eaf3ee0c72aeb76d1c0d4ebfa90a0dda4cc7034891fc17c2691f98e8ad
SHA512

2650f59ab6a54e247931f1d184544f978216c0a2dd02f3cdf7b2dcd5380182655bc6855be073a9ab3ccf94c73fd0f7ff3c8fce7750dc848a17f0b562b4790500
SSDEEP

24576:h1OYdaOdMtdHAqcdDVhYwiei7+EpFAh/kKU:h1OsAPHVmVhYwiLtKkKU

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c4b0f8eaf3ee0c72aeb76d1c0d4ebfa90a0dda4cc7034891fc17c2691f98e8ad
- Size
  
  919KB
- MD5
  
  616711ff3d42bcec2636a7c437e300c8
- SHA1
  
  9143f7d380470101abe9828ea98c9c556546605c
- SHA256
  
  c4b0f8eaf3ee0c72aeb76d1c0d4ebfa90a0dda4cc7034891fc17c2691f98e8ad
- SHA512
  
  2650f59ab6a54e247931f1d184544f978216c0a2dd02f3cdf7b2dcd5380182655bc6855be073a9ab3ccf94c73fd0f7ff3c8fce7750dc848a17f0b562b4790500
- SSDEEP
  
  24576:h1OYdaOdMtdHAqcdDVhYwiei7+EpFAh/kKU:h1OsAPHVmVhYwiLtKkKU
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer