c9e5b898d1120b963be4637921a30265f851ae90ccbb4ce8c3967880b2efda16 | Triage

Sharing

General

Target

c9e5b898d1120b963be4637921a30265f851ae90ccbb4ce8c3967880b2efda16
Size

960KB
Sample

221127-tqzpnaee9x
MD5

9f0b0d64d88d037951d4b5e64507dac2
SHA1

196695c896555a2e185c0ef14896d38545829dfe
SHA256

c9e5b898d1120b963be4637921a30265f851ae90ccbb4ce8c3967880b2efda16
SHA512

dd79aa8765ad3b854be3e4a5f08234355c73a7c29980928aa3132cf2c4c9eb8e4c7ee3663d778d1dd4f38bb82ec8fb69fdf9093cc794dfa455ae34da67b54866
SSDEEP

12288:BXcWQS3mu5hlQ/UQeq0uLOJ7RKgmxt0e67dAyrGulWEsAXoAUX1buqR2Dtsvv:BRBU0xGy2M3qs2vv

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  c9e5b898d1120b963be4637921a30265f851ae90ccbb4ce8c3967880b2efda16
- Size
  
  960KB
- MD5
  
  9f0b0d64d88d037951d4b5e64507dac2
- SHA1
  
  196695c896555a2e185c0ef14896d38545829dfe
- SHA256
  
  c9e5b898d1120b963be4637921a30265f851ae90ccbb4ce8c3967880b2efda16
- SHA512
  
  dd79aa8765ad3b854be3e4a5f08234355c73a7c29980928aa3132cf2c4c9eb8e4c7ee3663d778d1dd4f38bb82ec8fb69fdf9093cc794dfa455ae34da67b54866
- SSDEEP
  
  12288:BXcWQS3mu5hlQ/UQeq0uLOJ7RKgmxt0e67dAyrGulWEsAXoAUX1buqR2Dtsvv:BRBU0xGy2M3qs2vv
Score

7^/10

persistence spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer