a50fad6acfd12b299dc8b1cbbceeeab5f8d357e2d44fe1592529d42af4a3f4c9 | Triage

Sharing

General

Target

a50fad6acfd12b299dc8b1cbbceeeab5f8d357e2d44fe1592529d42af4a3f4c9
Size

920KB
Sample

221124-z4hwysdd7x
MD5

b611fd6c0421457132ad99e4a47433bc
SHA1

de571d744da3c290a7de92e32eda0e3f19686713
SHA256

a50fad6acfd12b299dc8b1cbbceeeab5f8d357e2d44fe1592529d42af4a3f4c9
SHA512

f7278c8b634d886e1d26e7d1548625ecfb0b95d6939eb365bc43edd373572fe915d08dddc2d65922a7c5f0d5a70f3c30d64ca0e36713fd71dd4f8af5199431cb
SSDEEP

24576:h1OYdaO4MtdHAqcdDVhYwiei7+EpFAh/kKg:h1OslPHVmVhYwiLtKkKg

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a50fad6acfd12b299dc8b1cbbceeeab5f8d357e2d44fe1592529d42af4a3f4c9
- Size
  
  920KB
- MD5
  
  b611fd6c0421457132ad99e4a47433bc
- SHA1
  
  de571d744da3c290a7de92e32eda0e3f19686713
- SHA256
  
  a50fad6acfd12b299dc8b1cbbceeeab5f8d357e2d44fe1592529d42af4a3f4c9
- SHA512
  
  f7278c8b634d886e1d26e7d1548625ecfb0b95d6939eb365bc43edd373572fe915d08dddc2d65922a7c5f0d5a70f3c30d64ca0e36713fd71dd4f8af5199431cb
- SSDEEP
  
  24576:h1OYdaO4MtdHAqcdDVhYwiei7+EpFAh/kKg:h1OslPHVmVhYwiLtKkKg
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2