b760f5385bd4c51febb6fae596de0130d7e785bdb0accbe258cf918792c40942 | Triage

Sharing

General

Target

b760f5385bd4c51febb6fae596de0130d7e785bdb0accbe258cf918792c40942
Size

452KB
Sample

221125-lh5xpsgc42
MD5

df92baa5776224b51b9720c65fe51af3
SHA1

c5a4caea6e99064497683feb0f88749b0a93b933
SHA256

b760f5385bd4c51febb6fae596de0130d7e785bdb0accbe258cf918792c40942
SHA512

85d00d9e41d8c29b6c3697cbfabca09d2b1099a85cf76cc042a18d6db2ee01a1e6d8eae42b1e4f70403174ff1d8c35fc40413b6c16a04e5639365cefb929e860
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  b760f5385bd4c51febb6fae596de0130d7e785bdb0accbe258cf918792c40942
- Size
  
  452KB
- MD5
  
  df92baa5776224b51b9720c65fe51af3
- SHA1
  
  c5a4caea6e99064497683feb0f88749b0a93b933
- SHA256
  
  b760f5385bd4c51febb6fae596de0130d7e785bdb0accbe258cf918792c40942
- SHA512
  
  85d00d9e41d8c29b6c3697cbfabca09d2b1099a85cf76cc042a18d6db2ee01a1e6d8eae42b1e4f70403174ff1d8c35fc40413b6c16a04e5639365cefb929e860
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer