a448b9f5f7c892052b2735cb94c205fb0e09b98b930f214715d8e0dafcd718d2 | Triage

Sharing

General

Target

a448b9f5f7c892052b2735cb94c205fb0e09b98b930f214715d8e0dafcd718d2
Size

920KB
Sample

221124-z5wjfaad86
MD5

2a2a92a72c5415d40117dc20a51c45f2
SHA1

01a2e9ff3bd1f6b8ebd3fc219b626c21daa63409
SHA256

a448b9f5f7c892052b2735cb94c205fb0e09b98b930f214715d8e0dafcd718d2
SHA512

3c49fa8293437a06fefad06f35e5399af34a6b4e8eb778f0385665b9e848b374af66433b295454e4043d37d0ed0bc6876e65d57481609a01c7d36b6188188238
SSDEEP

24576:h1OYdaOmMtdHAqcdDVhYwiei7+EpFAh/kKT:h1OsnPHVmVhYwiLtKkKT

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a448b9f5f7c892052b2735cb94c205fb0e09b98b930f214715d8e0dafcd718d2
- Size
  
  920KB
- MD5
  
  2a2a92a72c5415d40117dc20a51c45f2
- SHA1
  
  01a2e9ff3bd1f6b8ebd3fc219b626c21daa63409
- SHA256
  
  a448b9f5f7c892052b2735cb94c205fb0e09b98b930f214715d8e0dafcd718d2
- SHA512
  
  3c49fa8293437a06fefad06f35e5399af34a6b4e8eb778f0385665b9e848b374af66433b295454e4043d37d0ed0bc6876e65d57481609a01c7d36b6188188238
- SSDEEP
  
  24576:h1OYdaOmMtdHAqcdDVhYwiei7+EpFAh/kKT:h1OsnPHVmVhYwiLtKkKT
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer