3314cc6ac3b22e1b23b2087228bebe21b580c4de11eb72f267d5b1cb4648d400 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3314cc6ac3b22e1b23b2087228bebe21b580c4de11eb72f267d5b1cb4648d400
Size

1.1MB
Sample

221125-lqeeqacc2w
MD5

a3961598ee8c2e1c3463f6098c8a14a8
SHA1

b60ff6e1424121200dceff2975eb085ae84df65b
SHA256

3314cc6ac3b22e1b23b2087228bebe21b580c4de11eb72f267d5b1cb4648d400
SHA512

7017d8721b5eae0eab20cc05223b8849780312879d6dbffa565269d1da63ae6cac4a5372a7011aa099fe7d400cd631c56021e4a593a95240d4f567cd7c96c908
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  3314cc6ac3b22e1b23b2087228bebe21b580c4de11eb72f267d5b1cb4648d400
- Size
  
  1.1MB
- MD5
  
  a3961598ee8c2e1c3463f6098c8a14a8
- SHA1
  
  b60ff6e1424121200dceff2975eb085ae84df65b
- SHA256
  
  3314cc6ac3b22e1b23b2087228bebe21b580c4de11eb72f267d5b1cb4648d400
- SHA512
  
  7017d8721b5eae0eab20cc05223b8849780312879d6dbffa565269d1da63ae6cac4a5372a7011aa099fe7d400cd631c56021e4a593a95240d4f567cd7c96c908
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2