a38029815324e08e51ceeb9701f547283d364365e09af1b60cd3fbfd580439a4 | Triage

Sharing

General

Target

a38029815324e08e51ceeb9701f547283d364365e09af1b60cd3fbfd580439a4
Size

931KB
Sample

221124-z67cbsdf2x
MD5

4db97a8e96b996fb8bb652295f83e31f
SHA1

ecba76fbf34f5481c51e42f7b895a22ab7ed0916
SHA256

a38029815324e08e51ceeb9701f547283d364365e09af1b60cd3fbfd580439a4
SHA512

13e45f47f80601ba6f2f6072ba8d7e5e616d0894309f61718cd9b39c195b6ce88c63be6fd7da404c6fbbd6b56f02e1ad381973aee475cb631d8f1a6ad8db86d1
SSDEEP

24576:h1OYdaOeCZ/iWCvu/2sWsJA/jlt+DHhs+:h1Os8CpYO/dJJDHhs+

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a38029815324e08e51ceeb9701f547283d364365e09af1b60cd3fbfd580439a4
- Size
  
  931KB
- MD5
  
  4db97a8e96b996fb8bb652295f83e31f
- SHA1
  
  ecba76fbf34f5481c51e42f7b895a22ab7ed0916
- SHA256
  
  a38029815324e08e51ceeb9701f547283d364365e09af1b60cd3fbfd580439a4
- SHA512
  
  13e45f47f80601ba6f2f6072ba8d7e5e616d0894309f61718cd9b39c195b6ce88c63be6fd7da404c6fbbd6b56f02e1ad381973aee475cb631d8f1a6ad8db86d1
- SSDEEP
  
  24576:h1OYdaOeCZ/iWCvu/2sWsJA/jlt+DHhs+:h1Os8CpYO/dJJDHhs+
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer