a8b76da754d1e92a438306c525b9d8cfa5e844459df47504ad8b920701e5439c | Triage

Sharing

General

Target

a8b76da754d1e92a438306c525b9d8cfa5e844459df47504ad8b920701e5439c
Size

931KB
Sample

221124-zw69kshh58
MD5

de2bcb50996ba49c82831778819933ee
SHA1

92da0fabda2c85ddae9257e11fe45f2772bcb7d7
SHA256

a8b76da754d1e92a438306c525b9d8cfa5e844459df47504ad8b920701e5439c
SHA512

cf953df309beaff929c6cbc352bbe7f717f616637bc3de42b3bdddb78bbf823caf171ae734e0afaa60c96d39549a63e958e2965fb5daff24f184e7d6832272e3
SSDEEP

24576:h1OYdaOpCZ/iWCvu/2sWsJA/jlt+DHhsF:h1OsTCpYO/dJJDHhsF

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a8b76da754d1e92a438306c525b9d8cfa5e844459df47504ad8b920701e5439c
- Size
  
  931KB
- MD5
  
  de2bcb50996ba49c82831778819933ee
- SHA1
  
  92da0fabda2c85ddae9257e11fe45f2772bcb7d7
- SHA256
  
  a8b76da754d1e92a438306c525b9d8cfa5e844459df47504ad8b920701e5439c
- SHA512
  
  cf953df309beaff929c6cbc352bbe7f717f616637bc3de42b3bdddb78bbf823caf171ae734e0afaa60c96d39549a63e958e2965fb5daff24f184e7d6832272e3
- SSDEEP
  
  24576:h1OYdaOpCZ/iWCvu/2sWsJA/jlt+DHhsF:h1OsTCpYO/dJJDHhsF
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer