19c47ff5ff4cdf1e6f3bd11a04c373fa9208646cf96809048daa88d68c9f31bf | Triage

Sharing

General

Target

19c47ff5ff4cdf1e6f3bd11a04c373fa9208646cf96809048daa88d68c9f31bf
Size

1.5MB
Sample

221125-lg6slsgb79
MD5

4aa3597334eb887f0e8be6fada94749b
SHA1

6545fc5fefd0da46c07b7907daf6e69072fc34ea
SHA256

19c47ff5ff4cdf1e6f3bd11a04c373fa9208646cf96809048daa88d68c9f31bf
SHA512

6df6cd2bf30612864043203d6158113639b8e5c237a32082dfc6b9cdbf4848ad4484c9237424a0ba963590fffe1d04619e5eb4cda743a0daf5a5fdd6782158dc
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  19c47ff5ff4cdf1e6f3bd11a04c373fa9208646cf96809048daa88d68c9f31bf
- Size
  
  1.5MB
- MD5
  
  4aa3597334eb887f0e8be6fada94749b
- SHA1
  
  6545fc5fefd0da46c07b7907daf6e69072fc34ea
- SHA256
  
  19c47ff5ff4cdf1e6f3bd11a04c373fa9208646cf96809048daa88d68c9f31bf
- SHA512
  
  6df6cd2bf30612864043203d6158113639b8e5c237a32082dfc6b9cdbf4848ad4484c9237424a0ba963590fffe1d04619e5eb4cda743a0daf5a5fdd6782158dc
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer