ad2e4efaf11abc6def2ca304d8789ad2824a75830fced1c35c4f031f53907e0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad2e4efaf11abc6def2ca304d8789ad2824a75830fced1c35c4f031f53907e0d
Size

512KB
Sample

221125-majvyahh84
MD5

b63ca533cfdbbbecfba41c4ab916b4fd
SHA1

2ff1cb9bce8f2ee1526ba3ef68a9056ecadb96f5
SHA256

ad2e4efaf11abc6def2ca304d8789ad2824a75830fced1c35c4f031f53907e0d
SHA512

09d53166aefb0e04f87aade925cd12400b733cff28e16fa918dceb08a87a168ece3ae5b9ac39c0a453e7feb0c8e9fa825a7aca449085542de76ea83472d76dbb
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  ad2e4efaf11abc6def2ca304d8789ad2824a75830fced1c35c4f031f53907e0d
- Size
  
  512KB
- MD5
  
  b63ca533cfdbbbecfba41c4ab916b4fd
- SHA1
  
  2ff1cb9bce8f2ee1526ba3ef68a9056ecadb96f5
- SHA256
  
  ad2e4efaf11abc6def2ca304d8789ad2824a75830fced1c35c4f031f53907e0d
- SHA512
  
  09d53166aefb0e04f87aade925cd12400b733cff28e16fa918dceb08a87a168ece3ae5b9ac39c0a453e7feb0c8e9fa825a7aca449085542de76ea83472d76dbb
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

8^/10

persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer