0b969de3264c49234a1a1b4392785172d8a79db373eda14bc9209f88cfa31f30 | Triage

Sharing

General

Target

0b969de3264c49234a1a1b4392785172d8a79db373eda14bc9209f88cfa31f30
Size

732KB
Sample

221125-kjh9nahe4y
MD5

1c3de1ad0032e87bd30f70744dfc1db2
SHA1

e8efd36b4d3fe602abe93951aba8fcbae36e21d9
SHA256

0b969de3264c49234a1a1b4392785172d8a79db373eda14bc9209f88cfa31f30
SHA512

a3bc08f8c56f142f24f7be683a5b640a33b8c143ffb0cb6530966dc259b7e02a179ad7563eaf6d55c44bbfc3976921206f85828919c66054801c21a4bab5f019
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  0b969de3264c49234a1a1b4392785172d8a79db373eda14bc9209f88cfa31f30
- Size
  
  732KB
- MD5
  
  1c3de1ad0032e87bd30f70744dfc1db2
- SHA1
  
  e8efd36b4d3fe602abe93951aba8fcbae36e21d9
- SHA256
  
  0b969de3264c49234a1a1b4392785172d8a79db373eda14bc9209f88cfa31f30
- SHA512
  
  a3bc08f8c56f142f24f7be683a5b640a33b8c143ffb0cb6530966dc259b7e02a179ad7563eaf6d55c44bbfc3976921206f85828919c66054801c21a4bab5f019
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer