26bc108d0576279befaf22603230ee92442b769ff05181bdde5d2ac288ad4e80 | Triage

Sharing

General

Target

26bc108d0576279befaf22603230ee92442b769ff05181bdde5d2ac288ad4e80
Size

1.9MB
Sample

221125-lq894agg23
MD5

c6511b788cc04d044adfc4c2ccb42851
SHA1

0b130417b6974177879d26b49908ed5891787992
SHA256

26bc108d0576279befaf22603230ee92442b769ff05181bdde5d2ac288ad4e80
SHA512

64533253f21810a325a9926a59f90bcac79dedaa96ab550306d6cc67baad07ea775de1f532564331115ebb23742aab2bce49ba298b3f10f331a6ba3ca2c4a326
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  26bc108d0576279befaf22603230ee92442b769ff05181bdde5d2ac288ad4e80
- Size
  
  1.9MB
- MD5
  
  c6511b788cc04d044adfc4c2ccb42851
- SHA1
  
  0b130417b6974177879d26b49908ed5891787992
- SHA256
  
  26bc108d0576279befaf22603230ee92442b769ff05181bdde5d2ac288ad4e80
- SHA512
  
  64533253f21810a325a9926a59f90bcac79dedaa96ab550306d6cc67baad07ea775de1f532564331115ebb23742aab2bce49ba298b3f10f331a6ba3ca2c4a326
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer