208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5 | Triage

Sharing

General

Target

208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
Size

776KB
Sample

221125-2gtq2seg4x
MD5

d1acfda5165dd86b7a7c02a914a5f840
SHA1

27df9a373ebfbf747fe1bda42d4794d2bfa7475b
SHA256

208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
SHA512

4d9bfa86b9da0d690f3256cd6be89ba32d7035e9fad4699a0e823a636188f784b2b22bbd55c805c7bee429db3578b7d3810da195241d3189cd2952938c970d30
SSDEEP

12288:0zNq8W0SE8wvSS0dvS3O4b1julJ3MzDme8G1C88tfwDdwnCuw:0zNq8W0SE80SScoO4bBuJCD/6W9uw

Score

8^/10

discovery evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
- Size
  
  776KB
- MD5
  
  d1acfda5165dd86b7a7c02a914a5f840
- SHA1
  
  27df9a373ebfbf747fe1bda42d4794d2bfa7475b
- SHA256
  
  208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
- SHA512
  
  4d9bfa86b9da0d690f3256cd6be89ba32d7035e9fad4699a0e823a636188f784b2b22bbd55c805c7bee429db3578b7d3810da195241d3189cd2952938c970d30
- SSDEEP
  
  12288:0zNq8W0SE8wvSS0dvS3O4b1julJ3MzDme8G1C88tfwDdwnCuw:0zNq8W0SE80SScoO4bBuJCD/6W9uw
Score

8^/10

discovery evasion persistence spyware stealer
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealer

behavioral2

discoveryevasionpersistencespywarestealer