c43da445ca314d3a12c15ad28268413c3fd95a5c5defcce866f8ee2bf66c2004 | Triage

Sharing

General

Target

c43da445ca314d3a12c15ad28268413c3fd95a5c5defcce866f8ee2bf66c2004
Size

920KB
Sample

221124-ybgmraec92
MD5

edbaec03fbb236a66f7c85efb0e0034e
SHA1

88fcd828dc8b1d57b60922c957cf94eb4603cd7e
SHA256

c43da445ca314d3a12c15ad28268413c3fd95a5c5defcce866f8ee2bf66c2004
SHA512

8633d7f92f89a84a82f2fcc45bf186afe59e21048ca02dbac076138aeaaad819ebc865c57d1133563ff68d9cdfe4b84182d9763ae71d01f52e6105fc26303c29
SSDEEP

24576:h1OYdaOmMtdHAqcdDVhYwiei7+EpFAh/kKA:h1OsjPHVmVhYwiLtKkKA

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c43da445ca314d3a12c15ad28268413c3fd95a5c5defcce866f8ee2bf66c2004
- Size
  
  920KB
- MD5
  
  edbaec03fbb236a66f7c85efb0e0034e
- SHA1
  
  88fcd828dc8b1d57b60922c957cf94eb4603cd7e
- SHA256
  
  c43da445ca314d3a12c15ad28268413c3fd95a5c5defcce866f8ee2bf66c2004
- SHA512
  
  8633d7f92f89a84a82f2fcc45bf186afe59e21048ca02dbac076138aeaaad819ebc865c57d1133563ff68d9cdfe4b84182d9763ae71d01f52e6105fc26303c29
- SSDEEP
  
  24576:h1OYdaOmMtdHAqcdDVhYwiei7+EpFAh/kKA:h1OsjPHVmVhYwiLtKkKA
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer