d3f787bd2d6fc6d5f17b89757d05260cd8e880e20f03f1145f8d1cf3e2e8a093 | Triage

Sharing

General

Target

d3f787bd2d6fc6d5f17b89757d05260cd8e880e20f03f1145f8d1cf3e2e8a093
Size

905KB
Sample

221125-km5basec85
MD5

960bb89f9be3934abba2bad6d26bd1a7
SHA1

1d3d8b2910b725d4e472ea1b90f6b10c0614c060
SHA256

d3f787bd2d6fc6d5f17b89757d05260cd8e880e20f03f1145f8d1cf3e2e8a093
SHA512

d4423d6fbc84c3359c391d5b29097d33d10794bb636718cbff2b98cfc4c1f2ff40b671fa6c50fa097f299bd90c7c32650bca31e0081921cf65a2548e7c36d8a3
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  d3f787bd2d6fc6d5f17b89757d05260cd8e880e20f03f1145f8d1cf3e2e8a093
- Size
  
  905KB
- MD5
  
  960bb89f9be3934abba2bad6d26bd1a7
- SHA1
  
  1d3d8b2910b725d4e472ea1b90f6b10c0614c060
- SHA256
  
  d3f787bd2d6fc6d5f17b89757d05260cd8e880e20f03f1145f8d1cf3e2e8a093
- SHA512
  
  d4423d6fbc84c3359c391d5b29097d33d10794bb636718cbff2b98cfc4c1f2ff40b671fa6c50fa097f299bd90c7c32650bca31e0081921cf65a2548e7c36d8a3
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer