99f795b31cb5185520e9d5d0f6a903a38fc55d62c21abaa3ecba4a96fcc62b1d | Triage

Sharing

General

Target

99f795b31cb5185520e9d5d0f6a903a38fc55d62c21abaa3ecba4a96fcc62b1d
Size

560KB
Sample

221125-k1tfysfb36
MD5

9c040fff2ebbd6e4125be6df9df0423a
SHA1

e08f6aa7c92ba39784de7822cfdb15987a47853a
SHA256

99f795b31cb5185520e9d5d0f6a903a38fc55d62c21abaa3ecba4a96fcc62b1d
SHA512

139cb384da5cd4500fb243429ecfd59f9bb7d4ba085ce6dc104774a0a7fe519c0d6b167ef109947a0b5963c61ef505ac1c136e8a736b77a2eb4ac8e4e86586f0
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  99f795b31cb5185520e9d5d0f6a903a38fc55d62c21abaa3ecba4a96fcc62b1d
- Size
  
  560KB
- MD5
  
  9c040fff2ebbd6e4125be6df9df0423a
- SHA1
  
  e08f6aa7c92ba39784de7822cfdb15987a47853a
- SHA256
  
  99f795b31cb5185520e9d5d0f6a903a38fc55d62c21abaa3ecba4a96fcc62b1d
- SHA512
  
  139cb384da5cd4500fb243429ecfd59f9bb7d4ba085ce6dc104774a0a7fe519c0d6b167ef109947a0b5963c61ef505ac1c136e8a736b77a2eb4ac8e4e86586f0
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer