c1d463ea0d85ba0f4bfbd6b0a25bf20b330ef0814490921f8c2d1c05eaaf9d53 | Triage

Sharing

General

Target

c1d463ea0d85ba0f4bfbd6b0a25bf20b330ef0814490921f8c2d1c05eaaf9d53
Size

920KB
Sample

221124-yf1lesef53
MD5

e223b73bd9b16247bb62af4e8a593ecd
SHA1

bc6b738d6a8858f845163c5cf17a798b1b9f65b8
SHA256

c1d463ea0d85ba0f4bfbd6b0a25bf20b330ef0814490921f8c2d1c05eaaf9d53
SHA512

ed31ddf05c2aa13843500c10316c1923bb36c2cd06d8b77272d3ac3e8ca7b953ed33433293c47cd608b2ec70b2c6eb466a4a644d07dc2c5511d8367db2a0057f
SSDEEP

24576:h1OYdaOZMtdHAqcdDVhYwiei7+EpFAh/kK7:h1OsQPHVmVhYwiLtKkK7

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c1d463ea0d85ba0f4bfbd6b0a25bf20b330ef0814490921f8c2d1c05eaaf9d53
- Size
  
  920KB
- MD5
  
  e223b73bd9b16247bb62af4e8a593ecd
- SHA1
  
  bc6b738d6a8858f845163c5cf17a798b1b9f65b8
- SHA256
  
  c1d463ea0d85ba0f4bfbd6b0a25bf20b330ef0814490921f8c2d1c05eaaf9d53
- SHA512
  
  ed31ddf05c2aa13843500c10316c1923bb36c2cd06d8b77272d3ac3e8ca7b953ed33433293c47cd608b2ec70b2c6eb466a4a644d07dc2c5511d8367db2a0057f
- SSDEEP
  
  24576:h1OYdaOZMtdHAqcdDVhYwiei7+EpFAh/kK7:h1OsQPHVmVhYwiLtKkK7
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer