a8ad6df16e1e2f94557973f4b01c6079031bd1a767225e7fa0dc012fbe95fc20 | Triage

Sharing

General

Target

a8ad6df16e1e2f94557973f4b01c6079031bd1a767225e7fa0dc012fbe95fc20
Size

920KB
Sample

221124-zxaa8shh63
MD5

838d49ecd82c23f37b71cd21ff710524
SHA1

d4cb6cd2c21ed7a9da9fcdb01d6beffe3fc986c4
SHA256

a8ad6df16e1e2f94557973f4b01c6079031bd1a767225e7fa0dc012fbe95fc20
SHA512

85ac802cc0b1f090bc5382abbddbc63bbfed303634aa8d15c5cb2a5ee0575de0e57501244892640fb62f133b0a87ababad793d757dc63589548a9deb445af70e
SSDEEP

24576:h1OYdaOnMtdHAqcdDVhYwiei7+EpFAh/kKk:h1OsSPHVmVhYwiLtKkKk

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a8ad6df16e1e2f94557973f4b01c6079031bd1a767225e7fa0dc012fbe95fc20
- Size
  
  920KB
- MD5
  
  838d49ecd82c23f37b71cd21ff710524
- SHA1
  
  d4cb6cd2c21ed7a9da9fcdb01d6beffe3fc986c4
- SHA256
  
  a8ad6df16e1e2f94557973f4b01c6079031bd1a767225e7fa0dc012fbe95fc20
- SHA512
  
  85ac802cc0b1f090bc5382abbddbc63bbfed303634aa8d15c5cb2a5ee0575de0e57501244892640fb62f133b0a87ababad793d757dc63589548a9deb445af70e
- SSDEEP
  
  24576:h1OYdaOnMtdHAqcdDVhYwiei7+EpFAh/kKk:h1OsSPHVmVhYwiLtKkKk
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer