ae5894c9cbb4f058f8aa40da8deebc44fb9772ab645a3df5d62cb23e8ef76d01 | Triage

Sharing

General

Target

ae5894c9cbb4f058f8aa40da8deebc44fb9772ab645a3df5d62cb23e8ef76d01
Size

1.8MB
Sample

221125-lee7wabe2z
MD5

ef9899724839613d026e95cb1a7fd60a
SHA1

b4325c37c26b27bbc1cba63e413c6ddf56e7f083
SHA256

ae5894c9cbb4f058f8aa40da8deebc44fb9772ab645a3df5d62cb23e8ef76d01
SHA512

5fe426c2f5e07678150936975415df1276e64203505bfb680d429834896b0ced4c1c09b51533b91acec0a31d86a345732b625ee40bb60c8acb6b5fbd787e083d
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  ae5894c9cbb4f058f8aa40da8deebc44fb9772ab645a3df5d62cb23e8ef76d01
- Size
  
  1.8MB
- MD5
  
  ef9899724839613d026e95cb1a7fd60a
- SHA1
  
  b4325c37c26b27bbc1cba63e413c6ddf56e7f083
- SHA256
  
  ae5894c9cbb4f058f8aa40da8deebc44fb9772ab645a3df5d62cb23e8ef76d01
- SHA512
  
  5fe426c2f5e07678150936975415df1276e64203505bfb680d429834896b0ced4c1c09b51533b91acec0a31d86a345732b625ee40bb60c8acb6b5fbd787e083d
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer