b9b62d4efd53a9866a2cd84c16172af87508ae35607cfe18e9fe85b0dc16c91f | Triage

Sharing

General

Target

b9b62d4efd53a9866a2cd84c16172af87508ae35607cfe18e9fe85b0dc16c91f
Size

1.3MB
Sample

221125-ka523ade74
MD5

16f59c62272b1343d309e3e1b0da7825
SHA1

bf82748483677a98195cb23e4f69dd098085ccbb
SHA256

b9b62d4efd53a9866a2cd84c16172af87508ae35607cfe18e9fe85b0dc16c91f
SHA512

400fa1e99e5a35666cbfd34eb65c0eaff1a22f64d23ab4a6437f75f77082335c6b02e5c6776e3e51d652cd8b7eb602d707045bd6c1b42b5ae17746e4c793df70
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  b9b62d4efd53a9866a2cd84c16172af87508ae35607cfe18e9fe85b0dc16c91f
- Size
  
  1.3MB
- MD5
  
  16f59c62272b1343d309e3e1b0da7825
- SHA1
  
  bf82748483677a98195cb23e4f69dd098085ccbb
- SHA256
  
  b9b62d4efd53a9866a2cd84c16172af87508ae35607cfe18e9fe85b0dc16c91f
- SHA512
  
  400fa1e99e5a35666cbfd34eb65c0eaff1a22f64d23ab4a6437f75f77082335c6b02e5c6776e3e51d652cd8b7eb602d707045bd6c1b42b5ae17746e4c793df70
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer