423835492c3fbad6e5640762de298c70560d58806e3035c5b198e4c4a7deea93 | Triage

Sharing

General

Target

423835492c3fbad6e5640762de298c70560d58806e3035c5b198e4c4a7deea93
Size

3.6MB
Sample

221125-1mdrcaha58
MD5

07dcb6f9f280dee35add914f05882699
SHA1

4fd851a9bd1cf8c1052c3e5780c1441c653a9d26
SHA256

423835492c3fbad6e5640762de298c70560d58806e3035c5b198e4c4a7deea93
SHA512

f5f45e4dca016becad265d59e184e925851c2b6519e515764ad0a7c1d9d41ad0502c3857a6bc74c86a65b5df5c28fdb126a704ef7976c817d1d0d1017d70841c
SSDEEP

49152:FVg5tQ7aHcLT+vRu5R4YQiFKDlKNTo+4l6LV9PO0lOKlrbGKBYxN6aKInOj0IAJ2:rg56J+GuD6io9G0DYKB0IuqA+JiB8R

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  423835492c3fbad6e5640762de298c70560d58806e3035c5b198e4c4a7deea93
- Size
  
  3.6MB
- MD5
  
  07dcb6f9f280dee35add914f05882699
- SHA1
  
  4fd851a9bd1cf8c1052c3e5780c1441c653a9d26
- SHA256
  
  423835492c3fbad6e5640762de298c70560d58806e3035c5b198e4c4a7deea93
- SHA512
  
  f5f45e4dca016becad265d59e184e925851c2b6519e515764ad0a7c1d9d41ad0502c3857a6bc74c86a65b5df5c28fdb126a704ef7976c817d1d0d1017d70841c
- SSDEEP
  
  49152:FVg5tQ7aHcLT+vRu5R4YQiFKDlKNTo+4l6LV9PO0lOKlrbGKBYxN6aKInOj0IAJ2:rg56J+GuD6io9G0DYKB0IuqA+JiB8R
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer