c24247b32ec8e547810d806bac76fd0cfbda17d9b411e8a277504c40ee4d2094 | Triage

Sharing

General

Target

c24247b32ec8e547810d806bac76fd0cfbda17d9b411e8a277504c40ee4d2094
Size

931KB
Sample

221124-ye6faahf7y
MD5

4f9a5efa2ec74ce8cfa5bd5474446d1b
SHA1

a71cbbd5f7aed3579dcc1ba6629d329f5f866fba
SHA256

c24247b32ec8e547810d806bac76fd0cfbda17d9b411e8a277504c40ee4d2094
SHA512

1bd2414546d4ee66102a6e53ebaa35cd82556d123b0c72e9db5fcbab3a8495496eeec7015d3f6e1c1b0da0957416f76f66e7c60296c14f41d13b6760908cdb62
SSDEEP

24576:h1OYdaOnCZ/iWCvu/2sWsJA/jlt+DHhsu:h1OsBCpYO/dJJDHhsu

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c24247b32ec8e547810d806bac76fd0cfbda17d9b411e8a277504c40ee4d2094
- Size
  
  931KB
- MD5
  
  4f9a5efa2ec74ce8cfa5bd5474446d1b
- SHA1
  
  a71cbbd5f7aed3579dcc1ba6629d329f5f866fba
- SHA256
  
  c24247b32ec8e547810d806bac76fd0cfbda17d9b411e8a277504c40ee4d2094
- SHA512
  
  1bd2414546d4ee66102a6e53ebaa35cd82556d123b0c72e9db5fcbab3a8495496eeec7015d3f6e1c1b0da0957416f76f66e7c60296c14f41d13b6760908cdb62
- SSDEEP
  
  24576:h1OYdaOnCZ/iWCvu/2sWsJA/jlt+DHhsu:h1OsBCpYO/dJJDHhsu
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer