c14ab7ca692fbc40d2abe707419d4b6a5489ea879495ca35d90d98db103bacb3 | Triage

Sharing

General

Target

c14ab7ca692fbc40d2abe707419d4b6a5489ea879495ca35d90d98db103bacb3
Size

920KB
Sample

221124-ygz2aaef93
MD5

71be0c036225ebe5081c1423154ad9dc
SHA1

d289b5abe77963ff59147803a19cc9e8d3fd0897
SHA256

c14ab7ca692fbc40d2abe707419d4b6a5489ea879495ca35d90d98db103bacb3
SHA512

cbc12cd2a24f0f75ede01c68d3e8970725b106ee8278f158b5331092eccbe24f8df55e2c98be1aea14de90df1a22ab756eec0e5f0fc9e528a9e4b666ae30828b
SSDEEP

24576:h1OYdaOZMtdHAqcdDVhYwiei7+EpFAh/kKc:h1OswPHVmVhYwiLtKkKc

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c14ab7ca692fbc40d2abe707419d4b6a5489ea879495ca35d90d98db103bacb3
- Size
  
  920KB
- MD5
  
  71be0c036225ebe5081c1423154ad9dc
- SHA1
  
  d289b5abe77963ff59147803a19cc9e8d3fd0897
- SHA256
  
  c14ab7ca692fbc40d2abe707419d4b6a5489ea879495ca35d90d98db103bacb3
- SHA512
  
  cbc12cd2a24f0f75ede01c68d3e8970725b106ee8278f158b5331092eccbe24f8df55e2c98be1aea14de90df1a22ab756eec0e5f0fc9e528a9e4b666ae30828b
- SSDEEP
  
  24576:h1OYdaOZMtdHAqcdDVhYwiei7+EpFAh/kKc:h1OswPHVmVhYwiLtKkKc
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2