37268577613964919043ff19cf39e6ec0ad1dee514f93a9c7f2e0f1ba306c286 | Triage

Sharing

General

Target

37268577613964919043ff19cf39e6ec0ad1dee514f93a9c7f2e0f1ba306c286
Size

774KB
Sample

221125-j9vjyade22
MD5

e723d96f5ae2e7df5a2281ab5c72ae00
SHA1

ccb6b6d0eee4ca444c51842bfbcff176b14c3127
SHA256

37268577613964919043ff19cf39e6ec0ad1dee514f93a9c7f2e0f1ba306c286
SHA512

9e8b0902665d9f98a7cf9761e46d8f3f4ececd1861fe8fce2a0feaf69c29413c2a30dc1e57fc291dc9d411c92362e81565cfe4e158d667a24edd82cbd0cc1c7c
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  37268577613964919043ff19cf39e6ec0ad1dee514f93a9c7f2e0f1ba306c286
- Size
  
  774KB
- MD5
  
  e723d96f5ae2e7df5a2281ab5c72ae00
- SHA1
  
  ccb6b6d0eee4ca444c51842bfbcff176b14c3127
- SHA256
  
  37268577613964919043ff19cf39e6ec0ad1dee514f93a9c7f2e0f1ba306c286
- SHA512
  
  9e8b0902665d9f98a7cf9761e46d8f3f4ececd1861fe8fce2a0feaf69c29413c2a30dc1e57fc291dc9d411c92362e81565cfe4e158d667a24edd82cbd0cc1c7c
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer