d7612df93b873f6944f32afb524ebf71bb5cc03edbee35cb3ea2fa5baec58aa2 | Triage

Sharing

General

Target

d7612df93b873f6944f32afb524ebf71bb5cc03edbee35cb3ea2fa5baec58aa2
Size

682KB
Sample

221125-krhyvsaa5v
MD5

185f57273dd9adc50aafe536423e391a
SHA1

53d6c4cb3431685cad6013415e0efd8be9570c19
SHA256

d7612df93b873f6944f32afb524ebf71bb5cc03edbee35cb3ea2fa5baec58aa2
SHA512

181a7d9b237119298c44c31739c609af6569cd91b2cb79d90a52fa68b4f1cac4a9c473d79b179f7e2691748a5ff5722600d2f2b1ee3d743895c471521f7b7c25
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  d7612df93b873f6944f32afb524ebf71bb5cc03edbee35cb3ea2fa5baec58aa2
- Size
  
  682KB
- MD5
  
  185f57273dd9adc50aafe536423e391a
- SHA1
  
  53d6c4cb3431685cad6013415e0efd8be9570c19
- SHA256
  
  d7612df93b873f6944f32afb524ebf71bb5cc03edbee35cb3ea2fa5baec58aa2
- SHA512
  
  181a7d9b237119298c44c31739c609af6569cd91b2cb79d90a52fa68b4f1cac4a9c473d79b179f7e2691748a5ff5722600d2f2b1ee3d743895c471521f7b7c25
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer