9f24db6c13f60a52c639eafa21a00529c7bb48470412bfac5f30eb63938b2438 | Triage

Sharing

General

Target

9f24db6c13f60a52c639eafa21a00529c7bb48470412bfac5f30eb63938b2438
Size

600KB
Sample

221125-lebvfsbe2w
MD5

ca563e2e6a35f7bb7b309c9320cf5a53
SHA1

253e393db83e34ecea7143600846f74740dd3d6d
SHA256

9f24db6c13f60a52c639eafa21a00529c7bb48470412bfac5f30eb63938b2438
SHA512

4347c100530e97e524678abc5779f793c0d9bdc16e898d790711dfa461f4d6ac0f76fd1abda86c02552ccd01fd2f14fc9bd467d795a125aabe5fa5de6982ba91
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  9f24db6c13f60a52c639eafa21a00529c7bb48470412bfac5f30eb63938b2438
- Size
  
  600KB
- MD5
  
  ca563e2e6a35f7bb7b309c9320cf5a53
- SHA1
  
  253e393db83e34ecea7143600846f74740dd3d6d
- SHA256
  
  9f24db6c13f60a52c639eafa21a00529c7bb48470412bfac5f30eb63938b2438
- SHA512
  
  4347c100530e97e524678abc5779f793c0d9bdc16e898d790711dfa461f4d6ac0f76fd1abda86c02552ccd01fd2f14fc9bd467d795a125aabe5fa5de6982ba91
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2