311bd3b14f5017f67aeba0e28d1a45898a8f32f5db659e5bfae2e62efa8a3e3e | Triage

Sharing

General

Target

311bd3b14f5017f67aeba0e28d1a45898a8f32f5db659e5bfae2e62efa8a3e3e
Size

1004KB
Sample

221125-lbgarsbc6t
MD5

d1e4eebb252d9e664903accc5f35b4c8
SHA1

651e71de33b020747a68538a0a04b1a9f1f90a38
SHA256

311bd3b14f5017f67aeba0e28d1a45898a8f32f5db659e5bfae2e62efa8a3e3e
SHA512

8184f295c287dc79632e20371b3e12713a0189e646d63d15ac9c6201ef0ff3de5510ffdc19af5f7d2e20e2dca18577ab53aa85cfb48c508beb926fe6bc6ef062
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  311bd3b14f5017f67aeba0e28d1a45898a8f32f5db659e5bfae2e62efa8a3e3e
- Size
  
  1004KB
- MD5
  
  d1e4eebb252d9e664903accc5f35b4c8
- SHA1
  
  651e71de33b020747a68538a0a04b1a9f1f90a38
- SHA256
  
  311bd3b14f5017f67aeba0e28d1a45898a8f32f5db659e5bfae2e62efa8a3e3e
- SHA512
  
  8184f295c287dc79632e20371b3e12713a0189e646d63d15ac9c6201ef0ff3de5510ffdc19af5f7d2e20e2dca18577ab53aa85cfb48c508beb926fe6bc6ef062
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer