a5d0df3fcbaa26f8a18f068d07496b04aee4d994895616d023f76f081809e4d7 | Triage

Sharing

General

Target

a5d0df3fcbaa26f8a18f068d07496b04aee4d994895616d023f76f081809e4d7
Size

931KB
Sample

221124-z3fefaac54
MD5

cc1c83667b3022488d5bf6f787bf9822
SHA1

86691b7f1afab5528486d6c15390494d0b15a6ab
SHA256

a5d0df3fcbaa26f8a18f068d07496b04aee4d994895616d023f76f081809e4d7
SHA512

2deec7988aa66c235b2004cec7c5d7cc4499bd80637cbafbedd7c562997b8c21aada48f8c5a10c6f12f28a326be3bf1ab363c6513abe070309d7073955cb5662
SSDEEP

24576:h1OYdaO/CZ/iWCvu/2sWsJA/jlt+DHhs8:h1OstCpYO/dJJDHhs8

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a5d0df3fcbaa26f8a18f068d07496b04aee4d994895616d023f76f081809e4d7
- Size
  
  931KB
- MD5
  
  cc1c83667b3022488d5bf6f787bf9822
- SHA1
  
  86691b7f1afab5528486d6c15390494d0b15a6ab
- SHA256
  
  a5d0df3fcbaa26f8a18f068d07496b04aee4d994895616d023f76f081809e4d7
- SHA512
  
  2deec7988aa66c235b2004cec7c5d7cc4499bd80637cbafbedd7c562997b8c21aada48f8c5a10c6f12f28a326be3bf1ab363c6513abe070309d7073955cb5662
- SSDEEP
  
  24576:h1OYdaO/CZ/iWCvu/2sWsJA/jlt+DHhs8:h1OstCpYO/dJJDHhs8
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer