7ade6d0ffeab3041178da5aca39bdd0f64b3d621fe154e8ebae0e780ed3a72fc | Triage

Sharing

General

Target

7ade6d0ffeab3041178da5aca39bdd0f64b3d621fe154e8ebae0e780ed3a72fc
Size

297KB
Sample

221125-le3ceaga66
MD5

6e6d2ead45ce3083eea2676b6e596daf
SHA1

c49561f2005982d8ed15230ac74c6188006d0f8b
SHA256

7ade6d0ffeab3041178da5aca39bdd0f64b3d621fe154e8ebae0e780ed3a72fc
SHA512

bdcba2196bfd907f8add9ac99a000e613bfc8a9d0ca6f21a894aedaebc60cd3c88c771322c5f39c0fc434d8c606ad01d76c18cdfe0b6db6218d43b949a8a932a
SSDEEP

3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  7ade6d0ffeab3041178da5aca39bdd0f64b3d621fe154e8ebae0e780ed3a72fc
- Size
  
  297KB
- MD5
  
  6e6d2ead45ce3083eea2676b6e596daf
- SHA1
  
  c49561f2005982d8ed15230ac74c6188006d0f8b
- SHA256
  
  7ade6d0ffeab3041178da5aca39bdd0f64b3d621fe154e8ebae0e780ed3a72fc
- SHA512
  
  bdcba2196bfd907f8add9ac99a000e613bfc8a9d0ca6f21a894aedaebc60cd3c88c771322c5f39c0fc434d8c606ad01d76c18cdfe0b6db6218d43b949a8a932a
- SSDEEP
  
  3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer