a646f831b7e52bf505f75389f6407e97882ddb3b087a6ea3520f519971e6bb77 | Triage

Sharing

General

Target

a646f831b7e52bf505f75389f6407e97882ddb3b087a6ea3520f519971e6bb77
Size

931KB
Sample

221124-z2p79aac24
MD5

e861441dd0391f796958721e5b74d59a
SHA1

b6ad8debc6406ea23bc61c8d1fd9e5d2670f8eae
SHA256

a646f831b7e52bf505f75389f6407e97882ddb3b087a6ea3520f519971e6bb77
SHA512

57a98bb085e76c432102f2999205162cfb3db854841db80d621b86d5ef2da2d14f3fc8452db7a1da883b7f84bb9b6d604e21eb74f8bf9f36255c3be09e1dc50f
SSDEEP

24576:h1OYdaOZCZ/iWCvu/2sWsJA/jlt+DHhsU:h1Os3CpYO/dJJDHhsU

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a646f831b7e52bf505f75389f6407e97882ddb3b087a6ea3520f519971e6bb77
- Size
  
  931KB
- MD5
  
  e861441dd0391f796958721e5b74d59a
- SHA1
  
  b6ad8debc6406ea23bc61c8d1fd9e5d2670f8eae
- SHA256
  
  a646f831b7e52bf505f75389f6407e97882ddb3b087a6ea3520f519971e6bb77
- SHA512
  
  57a98bb085e76c432102f2999205162cfb3db854841db80d621b86d5ef2da2d14f3fc8452db7a1da883b7f84bb9b6d604e21eb74f8bf9f36255c3be09e1dc50f
- SSDEEP
  
  24576:h1OYdaOZCZ/iWCvu/2sWsJA/jlt+DHhsU:h1Os3CpYO/dJJDHhsU
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer