f22e7e5497cb94f535143ec6aa387630a861311d20caa107c1818c57e05fed00 | Triage

Sharing

General

Target

f22e7e5497cb94f535143ec6aa387630a861311d20caa107c1818c57e05fed00
Size

1.6MB
Sample

221201-phhzqaah8v
MD5

b23654e25f1f444a22fb6190904b559a
SHA1

bbaeefd628c75f79c0548b248803e36943b41f14
SHA256

f22e7e5497cb94f535143ec6aa387630a861311d20caa107c1818c57e05fed00
SHA512

30ba5195b1f2c8ecc29524353fffc49aecc34cfe8cedd095b35bf3a46e9fdb318ea015c6b4e38790ed2df54c3d5df9f2e75ca7f28c1aeb378f1ea2a64bb9edfe
SSDEEP

49152:ZkK5IVKw/au2e4FE2UgJlLQ7adasXT4jnbIr:SzauKZU1adasUjbi

Score

10^/10

evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  f22e7e5497cb94f535143ec6aa387630a861311d20caa107c1818c57e05fed00
- Size
  
  1.6MB
- MD5
  
  b23654e25f1f444a22fb6190904b559a
- SHA1
  
  bbaeefd628c75f79c0548b248803e36943b41f14
- SHA256
  
  f22e7e5497cb94f535143ec6aa387630a861311d20caa107c1818c57e05fed00
- SHA512
  
  30ba5195b1f2c8ecc29524353fffc49aecc34cfe8cedd095b35bf3a46e9fdb318ea015c6b4e38790ed2df54c3d5df9f2e75ca7f28c1aeb378f1ea2a64bb9edfe
- SSDEEP
  
  49152:ZkK5IVKw/au2e4FE2UgJlLQ7adasXT4jnbIr:SzauKZU1adasUjbi
Score

10^/10

evasion spyware stealer trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

evasionspywarestealertrojan