9fc38c978d4a87b5a9c9c1d5cdbfaf79243f1c9afcd304d1b04a36fb830ccd90 | Triage

Sharing

General

Target

9fc38c978d4a87b5a9c9c1d5cdbfaf79243f1c9afcd304d1b04a36fb830ccd90
Size

251KB
Sample

221126-2makcseb3x
MD5

07674572cf79953c21898b8014967e52
SHA1

fd6c764b9b4fbd2c1dec2f26a5386bc48e769346
SHA256

9fc38c978d4a87b5a9c9c1d5cdbfaf79243f1c9afcd304d1b04a36fb830ccd90
SHA512

7c947f210c575d6b38a7fb5e5dd4ecee409c2df389fb285644175be1e713ca29d0a9dc321bcb37fa85ed26a7a08e9a12c3e9d9be45de7f42e1fae3c8015a8f0b
SSDEEP

3072:4ar2vYb/wk6D6EWOzYQjqRbC+h7jTBLjF5FemO9QbBLUcLTUEwhdI:4ayvYb/wk6TWOALhXTB0meQlUcLQEw

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  9fc38c978d4a87b5a9c9c1d5cdbfaf79243f1c9afcd304d1b04a36fb830ccd90
- Size
  
  251KB
- MD5
  
  07674572cf79953c21898b8014967e52
- SHA1
  
  fd6c764b9b4fbd2c1dec2f26a5386bc48e769346
- SHA256
  
  9fc38c978d4a87b5a9c9c1d5cdbfaf79243f1c9afcd304d1b04a36fb830ccd90
- SHA512
  
  7c947f210c575d6b38a7fb5e5dd4ecee409c2df389fb285644175be1e713ca29d0a9dc321bcb37fa85ed26a7a08e9a12c3e9d9be45de7f42e1fae3c8015a8f0b
- SSDEEP
  
  3072:4ar2vYb/wk6D6EWOzYQjqRbC+h7jTBLjF5FemO9QbBLUcLTUEwhdI:4ayvYb/wk6TWOALhXTB0meQlUcLQEw
Score

8^/10

persistence spyware stealer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2