6efcfddef69c4b6694005e13b72cff52d461fe0991c41fe123ddb1e42f1833c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6efcfddef69c4b6694005e13b72cff52d461fe0991c41fe123ddb1e42f1833c1
Size

1.7MB
Sample

221201-s3dghsgb3y
MD5

d62ea9ec4bf0afe81b415afd1d512952
SHA1

4226ceae156de3b4d35ec7e14d6f416b58d913b1
SHA256

6efcfddef69c4b6694005e13b72cff52d461fe0991c41fe123ddb1e42f1833c1
SHA512

41588b11ce86705ba1471ff2c9449f0fe2ced7a220313ec1cef46120d2a2a98895f18a95963eccd5d6f4c5d534c693ce7bb9aa02a010fbc00ee8da5fc226e264
SSDEEP

49152:gmiroNzur/bc6/nRJ/aOheDkPQcKiwMH5yUKc5thLfrXa7sjybqS9pErw2/6pBL1:gmirHbMlhCLru

Score

10^/10

evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  6efcfddef69c4b6694005e13b72cff52d461fe0991c41fe123ddb1e42f1833c1
- Size
  
  1.7MB
- MD5
  
  d62ea9ec4bf0afe81b415afd1d512952
- SHA1
  
  4226ceae156de3b4d35ec7e14d6f416b58d913b1
- SHA256
  
  6efcfddef69c4b6694005e13b72cff52d461fe0991c41fe123ddb1e42f1833c1
- SHA512
  
  41588b11ce86705ba1471ff2c9449f0fe2ced7a220313ec1cef46120d2a2a98895f18a95963eccd5d6f4c5d534c693ce7bb9aa02a010fbc00ee8da5fc226e264
- SSDEEP
  
  49152:gmiroNzur/bc6/nRJ/aOheDkPQcKiwMH5yUKc5thLfrXa7sjybqS9pErw2/6pBL1:gmirHbMlhCLru
Score

10^/10

evasion spyware stealer trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

evasionspywarestealertrojan