6909ba3d32e35efbf1710839ffd611e05c35aea8492b3611a8ac999e65f78472 | Triage

Sharing

General

Target

6909ba3d32e35efbf1710839ffd611e05c35aea8492b3611a8ac999e65f78472
Size

533KB
Sample

221125-kvlh6aab8s
MD5

8b9b3e8175fe8a11c442f19e1fd55e65
SHA1

8de36ddfdecbc0189449d8e2fa9394c9552c2c93
SHA256

6909ba3d32e35efbf1710839ffd611e05c35aea8492b3611a8ac999e65f78472
SHA512

7bf6062f6c64e53a44803cc84fc849db75b5537264f2a5e849912bb870304893df7d5c59d665dc4b906cccfa31238437054140487aad48124213854c8e5278f0
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  6909ba3d32e35efbf1710839ffd611e05c35aea8492b3611a8ac999e65f78472
- Size
  
  533KB
- MD5
  
  8b9b3e8175fe8a11c442f19e1fd55e65
- SHA1
  
  8de36ddfdecbc0189449d8e2fa9394c9552c2c93
- SHA256
  
  6909ba3d32e35efbf1710839ffd611e05c35aea8492b3611a8ac999e65f78472
- SHA512
  
  7bf6062f6c64e53a44803cc84fc849db75b5537264f2a5e849912bb870304893df7d5c59d665dc4b906cccfa31238437054140487aad48124213854c8e5278f0
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer