fa9a440db8225b8f996f478afeb0b7ac395f88ff13543511254e4af8051d0fc6 | Triage

Sharing

General

Target

fa9a440db8225b8f996f478afeb0b7ac395f88ff13543511254e4af8051d0fc6
Size

518KB
Sample

221125-kmxw8ahg4t
MD5

25e285099137741bcf79b1f1d856642d
SHA1

93b9532d874aeca9211066c6cc726d062eb092b3
SHA256

fa9a440db8225b8f996f478afeb0b7ac395f88ff13543511254e4af8051d0fc6
SHA512

14d1a10fa565c94964213fe908b256e385ac8b9ba8f18e8b150338e1fccffe21b640f30a7f9189c72d070b6c8fb84dbfe767dab834b20b533ea51baa0cecb584
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  fa9a440db8225b8f996f478afeb0b7ac395f88ff13543511254e4af8051d0fc6
- Size
  
  518KB
- MD5
  
  25e285099137741bcf79b1f1d856642d
- SHA1
  
  93b9532d874aeca9211066c6cc726d062eb092b3
- SHA256
  
  fa9a440db8225b8f996f478afeb0b7ac395f88ff13543511254e4af8051d0fc6
- SHA512
  
  14d1a10fa565c94964213fe908b256e385ac8b9ba8f18e8b150338e1fccffe21b640f30a7f9189c72d070b6c8fb84dbfe767dab834b20b533ea51baa0cecb584
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer