4cf91235020eae322d8591d850d3982eb7f6bd18fb2838d322adbfd620c0924f | Triage

Sharing

General

Target

4cf91235020eae322d8591d850d3982eb7f6bd18fb2838d322adbfd620c0924f
Size

1.3MB
Sample

221125-kbk4aade94
MD5

de0a6c3bd90ba04ba7e222c2342eb83d
SHA1

596731db56a389b656f6cb1557aac8965f8f20e6
SHA256

4cf91235020eae322d8591d850d3982eb7f6bd18fb2838d322adbfd620c0924f
SHA512

aa8b78be9ba123cb81437b9dfde7835fc2243c677fb278e7093727c322cd6b73df0e9da0e18f23e0629caee8326bc8aeea4aec7c4a1c73be339ff19065198bd4
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  4cf91235020eae322d8591d850d3982eb7f6bd18fb2838d322adbfd620c0924f
- Size
  
  1.3MB
- MD5
  
  de0a6c3bd90ba04ba7e222c2342eb83d
- SHA1
  
  596731db56a389b656f6cb1557aac8965f8f20e6
- SHA256
  
  4cf91235020eae322d8591d850d3982eb7f6bd18fb2838d322adbfd620c0924f
- SHA512
  
  aa8b78be9ba123cb81437b9dfde7835fc2243c677fb278e7093727c322cd6b73df0e9da0e18f23e0629caee8326bc8aeea4aec7c4a1c73be339ff19065198bd4
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer