a7b0bca0d96cd5ae6236f444ad4736209a5f424e22ca3769ed9c84f0401c15eb | Triage

Sharing

General

Target

a7b0bca0d96cd5ae6236f444ad4736209a5f424e22ca3769ed9c84f0401c15eb
Size

932KB
Sample

221124-zyzbraaa64
MD5

183c4fa96127a4d104def6f97cae865d
SHA1

a32f7485f18a72f7c3d112b8efece652c05a30e8
SHA256

a7b0bca0d96cd5ae6236f444ad4736209a5f424e22ca3769ed9c84f0401c15eb
SHA512

58b3a88602d51f9c63d06de116d309e36b4c663ad941a0babebd7680a558bae73252be5dc5af87362db007039ba650cfaea6d618b40e5905e7d0e4a93400a500
SSDEEP

24576:h1OYdaOtCZ/iWCvu/2sWsJA/jlt+DHhsh:h1OsXCpYO/dJJDHhsh

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a7b0bca0d96cd5ae6236f444ad4736209a5f424e22ca3769ed9c84f0401c15eb
- Size
  
  932KB
- MD5
  
  183c4fa96127a4d104def6f97cae865d
- SHA1
  
  a32f7485f18a72f7c3d112b8efece652c05a30e8
- SHA256
  
  a7b0bca0d96cd5ae6236f444ad4736209a5f424e22ca3769ed9c84f0401c15eb
- SHA512
  
  58b3a88602d51f9c63d06de116d309e36b4c663ad941a0babebd7680a558bae73252be5dc5af87362db007039ba650cfaea6d618b40e5905e7d0e4a93400a500
- SSDEEP
  
  24576:h1OYdaOtCZ/iWCvu/2sWsJA/jlt+DHhsh:h1OsXCpYO/dJJDHhsh
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer