dabbec6d955900ed10163668d38d407a9f2b02a16b111e916bb10e4c9ed83e74 | Triage

Sharing

General

Target

dabbec6d955900ed10163668d38d407a9f2b02a16b111e916bb10e4c9ed83e74
Size

416KB
Sample

221125-lqxajagf79
MD5

78c159c2f33babf985b4c66a041a4aac
SHA1

c4353452b693db7c4b046042ac798101e2ad101f
SHA256

dabbec6d955900ed10163668d38d407a9f2b02a16b111e916bb10e4c9ed83e74
SHA512

ae6f50d02c0d54979cf52411684ab04e16ad527957193921c83aa440e299093ee1aefcf5f81a63a17af13658340519401c42961bf9e95b82ae36efb13352d054
SSDEEP

3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  dabbec6d955900ed10163668d38d407a9f2b02a16b111e916bb10e4c9ed83e74
- Size
  
  416KB
- MD5
  
  78c159c2f33babf985b4c66a041a4aac
- SHA1
  
  c4353452b693db7c4b046042ac798101e2ad101f
- SHA256
  
  dabbec6d955900ed10163668d38d407a9f2b02a16b111e916bb10e4c9ed83e74
- SHA512
  
  ae6f50d02c0d54979cf52411684ab04e16ad527957193921c83aa440e299093ee1aefcf5f81a63a17af13658340519401c42961bf9e95b82ae36efb13352d054
- SSDEEP
  
  3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Score

10^/10

persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer