bc50af8f23c741b3345302b198d51e292b3f6b8d87a0d4e195eca072c0c1860f | Triage

Sharing

General

Target

bc50af8f23c741b3345302b198d51e292b3f6b8d87a0d4e195eca072c0c1860f
Size

513KB
Sample

221125-lb9mbabc9x
MD5

31681db687988505003bec3f1455e0d9
SHA1

0e6f1e93b18bd1a1e2391b80e44f4548671c23a9
SHA256

bc50af8f23c741b3345302b198d51e292b3f6b8d87a0d4e195eca072c0c1860f
SHA512

bc5e65f1a5542d211a35f60fabdacf46d92dd1b7de27427d3ae8995d3aa86de29c550840965c0f5dc81b358a83adc3cb6105675e2667fefce26e8181f6ddce31
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  bc50af8f23c741b3345302b198d51e292b3f6b8d87a0d4e195eca072c0c1860f
- Size
  
  513KB
- MD5
  
  31681db687988505003bec3f1455e0d9
- SHA1
  
  0e6f1e93b18bd1a1e2391b80e44f4548671c23a9
- SHA256
  
  bc50af8f23c741b3345302b198d51e292b3f6b8d87a0d4e195eca072c0c1860f
- SHA512
  
  bc5e65f1a5542d211a35f60fabdacf46d92dd1b7de27427d3ae8995d3aa86de29c550840965c0f5dc81b358a83adc3cb6105675e2667fefce26e8181f6ddce31
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer