83b841a629cdba822e25bfad3fd1d48e8e183f1d788c8eb4c9d3cc5e49c549b9 | Triage

Sharing

General

Target

83b841a629cdba822e25bfad3fd1d48e8e183f1d788c8eb4c9d3cc5e49c549b9
Size

629KB
Sample

221125-ky8svsfa54
MD5

ed35b6362831abcd33026777908996b2
SHA1

70405234f81633891502c52d954643996373d3da
SHA256

83b841a629cdba822e25bfad3fd1d48e8e183f1d788c8eb4c9d3cc5e49c549b9
SHA512

6dd26c8b2b9335cc80a7d6b71e435376908e1da89f602458927025792f2b24dc3035ca07896534271aa7c4f818c6555ade1320de58d27985b88653db6d92903a
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  83b841a629cdba822e25bfad3fd1d48e8e183f1d788c8eb4c9d3cc5e49c549b9
- Size
  
  629KB
- MD5
  
  ed35b6362831abcd33026777908996b2
- SHA1
  
  70405234f81633891502c52d954643996373d3da
- SHA256
  
  83b841a629cdba822e25bfad3fd1d48e8e183f1d788c8eb4c9d3cc5e49c549b9
- SHA512
  
  6dd26c8b2b9335cc80a7d6b71e435376908e1da89f602458927025792f2b24dc3035ca07896534271aa7c4f818c6555ade1320de58d27985b88653db6d92903a
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer