a4cf96d7cad495d9c6d37e82e4a1b94e89d5d4e6f341835a78ec586d232d2677 | Triage

Sharing

General

Target

a4cf96d7cad495d9c6d37e82e4a1b94e89d5d4e6f341835a78ec586d232d2677
Size

919KB
Sample

221124-z4z58sdd9w
MD5

e7270aa6a8d428e980cc7d5f3f830433
SHA1

d8d7d55bd76502d0fe20a8b002d818c2e109f9d7
SHA256

a4cf96d7cad495d9c6d37e82e4a1b94e89d5d4e6f341835a78ec586d232d2677
SHA512

bc4eed6aa98fb225538793f672237c3cc0b2a82c909f5c68ebac4e87af439ed915e3d4fc751dddedb659f189f582f70a35576d0a1296a92cf8c7a645380e0722
SSDEEP

24576:h1OYdaONMtdHAqcdDVhYwiei7+EpFAh/kKJ:h1OscPHVmVhYwiLtKkKJ

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a4cf96d7cad495d9c6d37e82e4a1b94e89d5d4e6f341835a78ec586d232d2677
- Size
  
  919KB
- MD5
  
  e7270aa6a8d428e980cc7d5f3f830433
- SHA1
  
  d8d7d55bd76502d0fe20a8b002d818c2e109f9d7
- SHA256
  
  a4cf96d7cad495d9c6d37e82e4a1b94e89d5d4e6f341835a78ec586d232d2677
- SHA512
  
  bc4eed6aa98fb225538793f672237c3cc0b2a82c909f5c68ebac4e87af439ed915e3d4fc751dddedb659f189f582f70a35576d0a1296a92cf8c7a645380e0722
- SSDEEP
  
  24576:h1OYdaONMtdHAqcdDVhYwiei7+EpFAh/kKJ:h1OscPHVmVhYwiLtKkKJ
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer