c43e09be1e7aa6d1da0f6a658ea4b8ccbc83aa13bed148879ccfa866ccbb1784 | Triage

Sharing

General

Target

c43e09be1e7aa6d1da0f6a658ea4b8ccbc83aa13bed148879ccfa866ccbb1784
Size

932KB
Sample

221124-ybfqfsec88
MD5

78fc6e9c67e2b7b9500051656d39d489
SHA1

8091b00a5b1bca53b28d75c104ef14b68b16dfef
SHA256

c43e09be1e7aa6d1da0f6a658ea4b8ccbc83aa13bed148879ccfa866ccbb1784
SHA512

5ff0ac827a984e05f1aefecf7eb2a0b8f87705deb400b8bf607b750153ead068900c94da7246401c983b5f26851181ce206418df595dbc7a5c137f20b4fc4991
SSDEEP

24576:h1OYdaOaCZ/iWCvu/2sWsJA/jlt+DHhsn:h1Os0CpYO/dJJDHhsn

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c43e09be1e7aa6d1da0f6a658ea4b8ccbc83aa13bed148879ccfa866ccbb1784
- Size
  
  932KB
- MD5
  
  78fc6e9c67e2b7b9500051656d39d489
- SHA1
  
  8091b00a5b1bca53b28d75c104ef14b68b16dfef
- SHA256
  
  c43e09be1e7aa6d1da0f6a658ea4b8ccbc83aa13bed148879ccfa866ccbb1784
- SHA512
  
  5ff0ac827a984e05f1aefecf7eb2a0b8f87705deb400b8bf607b750153ead068900c94da7246401c983b5f26851181ce206418df595dbc7a5c137f20b4fc4991
- SSDEEP
  
  24576:h1OYdaOaCZ/iWCvu/2sWsJA/jlt+DHhsn:h1Os0CpYO/dJJDHhsn
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer