a59339c4cf8d6816c15b45282368a4f9c74cc5af3b05239a2479e9c49d4985ad | Triage

Sharing

General

Target

a59339c4cf8d6816c15b45282368a4f9c74cc5af3b05239a2479e9c49d4985ad
Size

931KB
Sample

221124-z3pywaac63
MD5

540ae493ec4580a55427311c48c64dbd
SHA1

68f1489c430ffe10bbdafa288827216bdee1b913
SHA256

a59339c4cf8d6816c15b45282368a4f9c74cc5af3b05239a2479e9c49d4985ad
SHA512

8481e26b11c086e0c21283ae07c92641a0b486e658838437b1f0f637bc9e6c6050d4e92dbd062cf42a0999802918e9d187533db1a1f0558d5327db3e703b3a97
SSDEEP

24576:h1OYdaOZCZ/iWCvu/2sWsJA/jlt+DHhs1:h1OsbCpYO/dJJDHhs1

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a59339c4cf8d6816c15b45282368a4f9c74cc5af3b05239a2479e9c49d4985ad
- Size
  
  931KB
- MD5
  
  540ae493ec4580a55427311c48c64dbd
- SHA1
  
  68f1489c430ffe10bbdafa288827216bdee1b913
- SHA256
  
  a59339c4cf8d6816c15b45282368a4f9c74cc5af3b05239a2479e9c49d4985ad
- SHA512
  
  8481e26b11c086e0c21283ae07c92641a0b486e658838437b1f0f637bc9e6c6050d4e92dbd062cf42a0999802918e9d187533db1a1f0558d5327db3e703b3a97
- SSDEEP
  
  24576:h1OYdaOZCZ/iWCvu/2sWsJA/jlt+DHhs1:h1OsbCpYO/dJJDHhs1
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer