92ec08e55a98246e4deec38931affe382e1bfd39f47d014dc5a30e3b8b2eb4cf | Triage

Sharing

General

Target

92ec08e55a98246e4deec38931affe382e1bfd39f47d014dc5a30e3b8b2eb4cf
Size

21KB
Sample

221201-pnyblabe7w
MD5

bf8503557d267a979c1840b5241f5ea8
SHA1

ba94e45cae97f1f71a45fe234b1aa2bd1ba81698
SHA256

92ec08e55a98246e4deec38931affe382e1bfd39f47d014dc5a30e3b8b2eb4cf
SHA512

ef314220b0921d99a139f744d620c92dc8a3547b232a7268540d23339856ac7266083d42cad0782f8fd0a9d17c5923f6493d43619b0d7e2ed7cb8c30c3b6c65d
SSDEEP

384:oc+h/+GIQMCczE3yzySSAsmXVFwWynCMSc2ZsKw8WS/PtY4JQjYVkwNeso:ox6QA9PTPDhc2ZT0SH6Ysj

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  92ec08e55a98246e4deec38931affe382e1bfd39f47d014dc5a30e3b8b2eb4cf
- Size
  
  21KB
- MD5
  
  bf8503557d267a979c1840b5241f5ea8
- SHA1
  
  ba94e45cae97f1f71a45fe234b1aa2bd1ba81698
- SHA256
  
  92ec08e55a98246e4deec38931affe382e1bfd39f47d014dc5a30e3b8b2eb4cf
- SHA512
  
  ef314220b0921d99a139f744d620c92dc8a3547b232a7268540d23339856ac7266083d42cad0782f8fd0a9d17c5923f6493d43619b0d7e2ed7cb8c30c3b6c65d
- SSDEEP
  
  384:oc+h/+GIQMCczE3yzySSAsmXVFwWynCMSc2ZsKw8WS/PtY4JQjYVkwNeso:ox6QA9PTPDhc2ZT0SH6Ysj
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Blocklisted process makes network request
- Modifies Shared Task Scheduler registry keys
  persistence
- Registers COM server for autorun
  persistence
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencetrojan