c1b4b922cdec55249af32a2affe9359627f829ae8fd155a168c3865695c881ea | Triage

Sharing

General

Target

c1b4b922cdec55249af32a2affe9359627f829ae8fd155a168c3865695c881ea
Size

919KB
Sample

221124-yf71hahg5w
MD5

525be61a07c316d81867ef871f9ec082
SHA1

b7b4df91897fa2ec08eb777ec60d429463d08c2d
SHA256

c1b4b922cdec55249af32a2affe9359627f829ae8fd155a168c3865695c881ea
SHA512

640821d85906739fd05e5b39ada8e9048ff62cacba0cfebd494df3a20a1c2eed3bfbd5ee422a83627750b7a55c2b5743c61e176c8a74ab23f3faa55251ce19b1
SSDEEP

24576:h1OYdaOCCZ/iWCvu/2sWsJA/jlt+DHhsp:h1Os0CpYO/dJJDHhsp

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c1b4b922cdec55249af32a2affe9359627f829ae8fd155a168c3865695c881ea
- Size
  
  919KB
- MD5
  
  525be61a07c316d81867ef871f9ec082
- SHA1
  
  b7b4df91897fa2ec08eb777ec60d429463d08c2d
- SHA256
  
  c1b4b922cdec55249af32a2affe9359627f829ae8fd155a168c3865695c881ea
- SHA512
  
  640821d85906739fd05e5b39ada8e9048ff62cacba0cfebd494df3a20a1c2eed3bfbd5ee422a83627750b7a55c2b5743c61e176c8a74ab23f3faa55251ce19b1
- SSDEEP
  
  24576:h1OYdaOCCZ/iWCvu/2sWsJA/jlt+DHhsp:h1Os0CpYO/dJJDHhsp
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer