33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0 | Triage

Sharing

General

Target

33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0
Size

686KB
Sample

221201-fxa3zsbh6t
MD5

4577ec3c4704d309243370685b3197e9
SHA1

da91b2323a2087618be417e1de4e4d00d32bdf45
SHA256

33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0
SHA512

f3503a37e424831d8c0c0ab93473330b7339890096e20a2e2e9f1d686ee2fa38fcc6d5233122f7480819b2393b289beb1fa24a6290e050f5dc53a270e0658a6e
SSDEEP

12288:R9487iRC/9NGWEYHowU+p5XOApM4umgf3I7rGNrkty0fkhAlmv:R9487GC/9sWECDFPXOwumgPIErmyFAe

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0
- Size
  
  686KB
- MD5
  
  4577ec3c4704d309243370685b3197e9
- SHA1
  
  da91b2323a2087618be417e1de4e4d00d32bdf45
- SHA256
  
  33716ffdb6aecd35d4ef98c2855781b464158de28c9b11994adde3efb15901a0
- SHA512
  
  f3503a37e424831d8c0c0ab93473330b7339890096e20a2e2e9f1d686ee2fa38fcc6d5233122f7480819b2393b289beb1fa24a6290e050f5dc53a270e0658a6e
- SSDEEP
  
  12288:R9487iRC/9NGWEYHowU+p5XOApM4umgf3I7rGNrkty0fkhAlmv:R9487GC/9sWECDFPXOwumgPIErmyFAe
Score

7^/10

persistence spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer