599c0f76705b6dd06b943bbc7eea222a01d813cce756f07e05e126c7ce743b12 | Triage

Sharing

General

Target

599c0f76705b6dd06b943bbc7eea222a01d813cce756f07e05e126c7ce743b12
Size

12KB
Sample

221126-kzf48saf5x
MD5

c0555be2ecc8dbffe6e52c6c0d12c334
SHA1

9977e2ddbab36c123fefa541df9554544fe916aa
SHA256

599c0f76705b6dd06b943bbc7eea222a01d813cce756f07e05e126c7ce743b12
SHA512

de206d312be937f4eab52f59bd87db92cdafde0d771e9895471a9b4b7053bd7301c0ef451687137f6be00be4c2c849ef4247461657d932c48df2a548c4c9cc4a
SSDEEP

384:tihl3I60+gYGwEouu7m+EX6AbXqgt3jgnt0Rl:YH0FYfwu7MXtX7t3jQE

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  Fiscal_Eletronico.exe
- Size
  
  37KB
- MD5
  
  79d4353d76a1e90e44cecfe752411da4
- SHA1
  
  3a2d58473740dcafb2d5fc9d24ebaa608534eba0
- SHA256
  
  bc5195bb7590b14935ccdcf2ca8d85c225ccd0c2f3822e65ebe90e9b011fe94e
- SHA512
  
  f61fbb233a9a4bf4b878e72464aded2bad44cbc8110e1010a958a02de952ee20c8b057c385cd605ba45ed23a4b2a75f8374140a620ba0bd833abc45b5f5aed6c
- SSDEEP
  
  384:XQzz1QFgyNn8pXDLf45TQfeyh8yF9Ur6J9djOA71PHy2bLf45sf6Qfz7NF8Fww8E:XQzzcgyN8pX3lB5J9xO6TflbtX
Score

8^/10

persistence spyware stealer
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer