a604184664bda8b3c069dceb29d84b38e7986d2163c454b39e5dcbfef57ab9ec | Triage

Sharing

General

Target

a604184664bda8b3c069dceb29d84b38e7986d2163c454b39e5dcbfef57ab9ec
Size

927KB
Sample

221124-z25b6sdc8z
MD5

61bd2029115b4abf6cdf517300b6b162
SHA1

99ca4c7e48f7d5a56e0591dc53d89a88682fe7a9
SHA256

a604184664bda8b3c069dceb29d84b38e7986d2163c454b39e5dcbfef57ab9ec
SHA512

01fb3634a37963dab96b0ab4b4998d6924e030382352e870a5f31d023467c6ac892fc663b0fe767f381374aff8df26f580d8cc4d68f89be202f22c1e982740c4
SSDEEP

24576:h1OYdaOknQju5vMu6qN2FctIOBYXZBai3GBlgpKLe/7rz:h1OseQjO6HHzayGBe/7rz

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a604184664bda8b3c069dceb29d84b38e7986d2163c454b39e5dcbfef57ab9ec
- Size
  
  927KB
- MD5
  
  61bd2029115b4abf6cdf517300b6b162
- SHA1
  
  99ca4c7e48f7d5a56e0591dc53d89a88682fe7a9
- SHA256
  
  a604184664bda8b3c069dceb29d84b38e7986d2163c454b39e5dcbfef57ab9ec
- SHA512
  
  01fb3634a37963dab96b0ab4b4998d6924e030382352e870a5f31d023467c6ac892fc663b0fe767f381374aff8df26f580d8cc4d68f89be202f22c1e982740c4
- SSDEEP
  
  24576:h1OYdaOknQju5vMu6qN2FctIOBYXZBai3GBlgpKLe/7rz:h1OseQjO6HHzayGBe/7rz
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer