4bcb6d84583fffef394b98306aeb409ccc830916c0715625e007e8c5324f1790 | Triage

Sharing

General

Target

4bcb6d84583fffef394b98306aeb409ccc830916c0715625e007e8c5324f1790
Size

932KB
Sample

221125-b952nsdb52
MD5

aabc6b795c97f1a2668e058d9eee4621
SHA1

883c1aa23c4dd5c45309b382955ec0d8de54f0bd
SHA256

4bcb6d84583fffef394b98306aeb409ccc830916c0715625e007e8c5324f1790
SHA512

ef68d410224b862fecd03f778af2a766975eee9eae2ae39d64e3c2234d9b1363917bc7786b9e9e5e8188b813469f90463eb8646486bc10d90bf4619121b699a6
SSDEEP

24576:h1OYdaOiCZ/iWCvu/2sWsJA/jlt+DHhs+:h1OswCpYO/dJJDHhs+

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  4bcb6d84583fffef394b98306aeb409ccc830916c0715625e007e8c5324f1790
- Size
  
  932KB
- MD5
  
  aabc6b795c97f1a2668e058d9eee4621
- SHA1
  
  883c1aa23c4dd5c45309b382955ec0d8de54f0bd
- SHA256
  
  4bcb6d84583fffef394b98306aeb409ccc830916c0715625e007e8c5324f1790
- SHA512
  
  ef68d410224b862fecd03f778af2a766975eee9eae2ae39d64e3c2234d9b1363917bc7786b9e9e5e8188b813469f90463eb8646486bc10d90bf4619121b699a6
- SSDEEP
  
  24576:h1OYdaOiCZ/iWCvu/2sWsJA/jlt+DHhs+:h1OswCpYO/dJJDHhs+
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer