e2575680a9a2d591cd9a98a3f6e8d96e76e3b41e074fec20d27e59f3a71d8ace | Triage

Sharing

General

Target

e2575680a9a2d591cd9a98a3f6e8d96e76e3b41e074fec20d27e59f3a71d8ace
Size

762KB
Sample

221125-kt25hsef99
MD5

d4613fbc01b0bbae29b551d2b488c340
SHA1

64b44d40edd7ba7eec619d24d5af38caa74ecf35
SHA256

e2575680a9a2d591cd9a98a3f6e8d96e76e3b41e074fec20d27e59f3a71d8ace
SHA512

7cccb0caccb0b135da6d9404775d46f8798f4e626787c93c21c256626d1e902202eda6a013d6784eda140d79ff95150fe55e5e605199ae981562c0eebd53d8cb
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  e2575680a9a2d591cd9a98a3f6e8d96e76e3b41e074fec20d27e59f3a71d8ace
- Size
  
  762KB
- MD5
  
  d4613fbc01b0bbae29b551d2b488c340
- SHA1
  
  64b44d40edd7ba7eec619d24d5af38caa74ecf35
- SHA256
  
  e2575680a9a2d591cd9a98a3f6e8d96e76e3b41e074fec20d27e59f3a71d8ace
- SHA512
  
  7cccb0caccb0b135da6d9404775d46f8798f4e626787c93c21c256626d1e902202eda6a013d6784eda140d79ff95150fe55e5e605199ae981562c0eebd53d8cb
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer