493574b3a555e73db86c8d7fc158799ab99151ab0c68049b1d94fa2246f0faf3 | Triage

Sharing

General

Target

493574b3a555e73db86c8d7fc158799ab99151ab0c68049b1d94fa2246f0faf3
Size

920KB
Sample

221125-cd967agd8w
MD5

3368b362d7d4d71024a50ae38cd413dd
SHA1

a883a94b564b88feaa0d19a2aa99fb8854f67cb4
SHA256

493574b3a555e73db86c8d7fc158799ab99151ab0c68049b1d94fa2246f0faf3
SHA512

37096608f7ac5a31ef72e528abdf868ae0ffec8537365dc649734732abadca14caf44cbf6a2e2140d75a47db99b4fc4e162a48e9cd833e31f0b137d6a7f31aac
SSDEEP

24576:h1OYdaOqMtdHAqcdDVhYwiei7+EpFAh/kKF:h1OsLPHVmVhYwiLtKkKF

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  493574b3a555e73db86c8d7fc158799ab99151ab0c68049b1d94fa2246f0faf3
- Size
  
  920KB
- MD5
  
  3368b362d7d4d71024a50ae38cd413dd
- SHA1
  
  a883a94b564b88feaa0d19a2aa99fb8854f67cb4
- SHA256
  
  493574b3a555e73db86c8d7fc158799ab99151ab0c68049b1d94fa2246f0faf3
- SHA512
  
  37096608f7ac5a31ef72e528abdf868ae0ffec8537365dc649734732abadca14caf44cbf6a2e2140d75a47db99b4fc4e162a48e9cd833e31f0b137d6a7f31aac
- SSDEEP
  
  24576:h1OYdaOqMtdHAqcdDVhYwiei7+EpFAh/kKF:h1OsLPHVmVhYwiLtKkKF
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer