c26ddd7a179c7b67bf26633c76e8df6e5df03c299a9bd90382a2844c6dcd9514 | Triage

Sharing

General

Target

c26ddd7a179c7b67bf26633c76e8df6e5df03c299a9bd90382a2844c6dcd9514
Size

920KB
Sample

221124-ye16kaee96
MD5

a6899b4f4b3295323a6b5734e0818372
SHA1

2430918098c5f4fab8a45f34d624b8c268a82ca1
SHA256

c26ddd7a179c7b67bf26633c76e8df6e5df03c299a9bd90382a2844c6dcd9514
SHA512

657d37897c3a17f001a447fcefc22c366e847654f4dd3efd68b05d56595fb0d019b85516bf231b1c96f7dcbe4c61e2798a4d8bff3563ab2106efa19f293033c4
SSDEEP

24576:h1OYdaOyMtdHAqcdDVhYwiei7+EpFAh/kKv:h1OsvPHVmVhYwiLtKkKv

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c26ddd7a179c7b67bf26633c76e8df6e5df03c299a9bd90382a2844c6dcd9514
- Size
  
  920KB
- MD5
  
  a6899b4f4b3295323a6b5734e0818372
- SHA1
  
  2430918098c5f4fab8a45f34d624b8c268a82ca1
- SHA256
  
  c26ddd7a179c7b67bf26633c76e8df6e5df03c299a9bd90382a2844c6dcd9514
- SHA512
  
  657d37897c3a17f001a447fcefc22c366e847654f4dd3efd68b05d56595fb0d019b85516bf231b1c96f7dcbe4c61e2798a4d8bff3563ab2106efa19f293033c4
- SSDEEP
  
  24576:h1OYdaOyMtdHAqcdDVhYwiei7+EpFAh/kKv:h1OsvPHVmVhYwiLtKkKv
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer