a78100b701abf06be94e25683b2d8feb6daff53f235e5098c248f6388da3eef5 | Triage

Sharing

General

Target

a78100b701abf06be94e25683b2d8feb6daff53f235e5098c248f6388da3eef5
Size

931KB
Sample

221124-zzfk2aaa83
MD5

d18469a3c89e6c544d5651bf18df80d8
SHA1

43f31bd9adb153c16bae1416c44ca9747af473c6
SHA256

a78100b701abf06be94e25683b2d8feb6daff53f235e5098c248f6388da3eef5
SHA512

8d3dc114c93a57da9448039256b799060047cfea5510516eb4b57ec36e4ccc464d183f7feb4ecc60cf0ad87b90e73388bf50f5888ae95b71052453d7d07852fe
SSDEEP

24576:h1OYdaOvCZ/iWCvu/2sWsJA/jlt+DHhs5:h1OstCpYO/dJJDHhs5

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  a78100b701abf06be94e25683b2d8feb6daff53f235e5098c248f6388da3eef5
- Size
  
  931KB
- MD5
  
  d18469a3c89e6c544d5651bf18df80d8
- SHA1
  
  43f31bd9adb153c16bae1416c44ca9747af473c6
- SHA256
  
  a78100b701abf06be94e25683b2d8feb6daff53f235e5098c248f6388da3eef5
- SHA512
  
  8d3dc114c93a57da9448039256b799060047cfea5510516eb4b57ec36e4ccc464d183f7feb4ecc60cf0ad87b90e73388bf50f5888ae95b71052453d7d07852fe
- SSDEEP
  
  24576:h1OYdaOvCZ/iWCvu/2sWsJA/jlt+DHhs5:h1OstCpYO/dJJDHhs5
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer