e3eed3afff2eed9eb3f6b469df051e4f7b88dba84378b518f6d8391d257e701d | Triage

Sharing

General

Target

e3eed3afff2eed9eb3f6b469df051e4f7b88dba84378b518f6d8391d257e701d
Size

622KB
Sample

221125-lnrx2age78
MD5

59fc21b36599cf9da3bdea1d4890782e
SHA1

47a1c92077dbffa039948c012c1630712157bae8
SHA256

e3eed3afff2eed9eb3f6b469df051e4f7b88dba84378b518f6d8391d257e701d
SHA512

f310c7752ec61b232d8ef242a3ee0601593e775fce4cb938264f8b3c22d115e29e8e2e841e5f608effa290b27cd45b10fdc2c1296b5ddc83f4192e5c0d149875
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  e3eed3afff2eed9eb3f6b469df051e4f7b88dba84378b518f6d8391d257e701d
- Size
  
  622KB
- MD5
  
  59fc21b36599cf9da3bdea1d4890782e
- SHA1
  
  47a1c92077dbffa039948c012c1630712157bae8
- SHA256
  
  e3eed3afff2eed9eb3f6b469df051e4f7b88dba84378b518f6d8391d257e701d
- SHA512
  
  f310c7752ec61b232d8ef242a3ee0601593e775fce4cb938264f8b3c22d115e29e8e2e841e5f608effa290b27cd45b10fdc2c1296b5ddc83f4192e5c0d149875
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer