a49b460eaed02f6bc3323e73a9cfaebf386652066cc98d94bb3c29ca387e5e7d | Triage

Sharing

General

Target

a49b460eaed02f6bc3323e73a9cfaebf386652066cc98d94bb3c29ca387e5e7d
Size

929KB
Sample

221124-z491fade3s
MD5

5e40c4eb2d51ae8be18436c98279dd59
SHA1

f62d8ab0305d9803620bc46917b97468bfcd0c41
SHA256

a49b460eaed02f6bc3323e73a9cfaebf386652066cc98d94bb3c29ca387e5e7d
SHA512

ec5202b58c7efb8e0c9cba86ac50ddf0e32b5e6406bd5cb99a2df6e5f028818d40ae3eef65cf0eb6ac7c62cbd30f4efafc140c8ed280d4e3f64a79e6ed7ce626
SSDEEP

12288:h1OgLdaOzj7sQInQJjBInHL9yiJ1mjwfX+hk/7UtImPLOQsbXiazu29A6kEpHX:h1OYdaOv7DyWgc0sMXmPLOQwij2lBHX

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a49b460eaed02f6bc3323e73a9cfaebf386652066cc98d94bb3c29ca387e5e7d
- Size
  
  929KB
- MD5
  
  5e40c4eb2d51ae8be18436c98279dd59
- SHA1
  
  f62d8ab0305d9803620bc46917b97468bfcd0c41
- SHA256
  
  a49b460eaed02f6bc3323e73a9cfaebf386652066cc98d94bb3c29ca387e5e7d
- SHA512
  
  ec5202b58c7efb8e0c9cba86ac50ddf0e32b5e6406bd5cb99a2df6e5f028818d40ae3eef65cf0eb6ac7c62cbd30f4efafc140c8ed280d4e3f64a79e6ed7ce626
- SSDEEP
  
  12288:h1OgLdaOzj7sQInQJjBInHL9yiJ1mjwfX+hk/7UtImPLOQsbXiazu29A6kEpHX:h1OYdaOv7DyWgc0sMXmPLOQwij2lBHX
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer