1f322bbac8688707fe451ec0053cfeabd36e2e5270332fe8b506e22d5cf3d33b | Triage

Sharing

General

Target

1f322bbac8688707fe451ec0053cfeabd36e2e5270332fe8b506e22d5cf3d33b
Size

561KB
Sample

221125-kpcztsed56
MD5

d6f88a3ae30bf65a923656080b293f32
SHA1

0ed5fec8b2b9aa2f372043f1f0f8a079c6098166
SHA256

1f322bbac8688707fe451ec0053cfeabd36e2e5270332fe8b506e22d5cf3d33b
SHA512

3a5d29eac681f6a289940f66e7e1236dffe119d59cae3435fe7063cf52b2297804ea394eea5318bde4871fe0a0d8af63599e8af7080b6b266fcfb25eb3e26bb0
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  1f322bbac8688707fe451ec0053cfeabd36e2e5270332fe8b506e22d5cf3d33b
- Size
  
  561KB
- MD5
  
  d6f88a3ae30bf65a923656080b293f32
- SHA1
  
  0ed5fec8b2b9aa2f372043f1f0f8a079c6098166
- SHA256
  
  1f322bbac8688707fe451ec0053cfeabd36e2e5270332fe8b506e22d5cf3d33b
- SHA512
  
  3a5d29eac681f6a289940f66e7e1236dffe119d59cae3435fe7063cf52b2297804ea394eea5318bde4871fe0a0d8af63599e8af7080b6b266fcfb25eb3e26bb0
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer