b52596e423a7ca9294f4b7f8c634687b1760828176f286f3cf96f2859b5fd508 | Triage

Sharing

General

Target

b52596e423a7ca9294f4b7f8c634687b1760828176f286f3cf96f2859b5fd508
Size

724KB
Sample

221125-krv87aaa6w
MD5

431cb076190eab9926c375b75ef3b251
SHA1

adcb489a32d0aa3e91fb2e866d1666355fd2761d
SHA256

b52596e423a7ca9294f4b7f8c634687b1760828176f286f3cf96f2859b5fd508
SHA512

b605459a332e445472b61c63a70351606e1e1e13bdd7ecfa68ad4bdd63a596ea033e818227b68f29b1c2d7c06b47226724db96dfebc121b07c512896328c32e5
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  b52596e423a7ca9294f4b7f8c634687b1760828176f286f3cf96f2859b5fd508
- Size
  
  724KB
- MD5
  
  431cb076190eab9926c375b75ef3b251
- SHA1
  
  adcb489a32d0aa3e91fb2e866d1666355fd2761d
- SHA256
  
  b52596e423a7ca9294f4b7f8c634687b1760828176f286f3cf96f2859b5fd508
- SHA512
  
  b605459a332e445472b61c63a70351606e1e1e13bdd7ecfa68ad4bdd63a596ea033e818227b68f29b1c2d7c06b47226724db96dfebc121b07c512896328c32e5
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer