4809959113a70d4152d48d1d7343d6e15d7bc59159ebc04a011ad717d91ee090 | Triage

Sharing

General

Target

4809959113a70d4152d48d1d7343d6e15d7bc59159ebc04a011ad717d91ee090
Size

220KB
Sample

221127-ywwmeaaf6s
MD5

fe3f51f278e133a000f4ddafab5b8792
SHA1

7bea10889608837138ab4c4ec75762ec9b4e1d9b
SHA256

4809959113a70d4152d48d1d7343d6e15d7bc59159ebc04a011ad717d91ee090
SHA512

b0746cdc74ace21f14520cbcb7dc0e9f72861ecbd5803f0437218b4b9ee7c6af441eaacdd896c071fc445d9aa9572a1cb15774a65843c6419cc5dfa3d97e3bcc
SSDEEP

3072:/kDeEQNzxUbDf4tmSqtarA9K6pQ32afgWDoqt531Tg:8DtQBxAbSdrt6S32Mxt5l

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  4809959113a70d4152d48d1d7343d6e15d7bc59159ebc04a011ad717d91ee090
- Size
  
  220KB
- MD5
  
  fe3f51f278e133a000f4ddafab5b8792
- SHA1
  
  7bea10889608837138ab4c4ec75762ec9b4e1d9b
- SHA256
  
  4809959113a70d4152d48d1d7343d6e15d7bc59159ebc04a011ad717d91ee090
- SHA512
  
  b0746cdc74ace21f14520cbcb7dc0e9f72861ecbd5803f0437218b4b9ee7c6af441eaacdd896c071fc445d9aa9572a1cb15774a65843c6419cc5dfa3d97e3bcc
- SSDEEP
  
  3072:/kDeEQNzxUbDf4tmSqtarA9K6pQ32afgWDoqt531Tg:8DtQBxAbSdrt6S32Mxt5l
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2