ba8c52f233ee68fc27bb737d6870eb0f40977549443cb4425a5fbeab02caaf4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba8c52f233ee68fc27bb737d6870eb0f40977549443cb4425a5fbeab02caaf4d
Size

2.2MB
Sample

221202-zphbwage81
MD5

8a2e0a81828a02bf20c36564866d8079
SHA1

207c9b091fd81ef7b629481ba97bcb57b79cd737
SHA256

ba8c52f233ee68fc27bb737d6870eb0f40977549443cb4425a5fbeab02caaf4d
SHA512

99b6fe9ead23bd080c6220f3f4a963a8a77484b4a902c6194eab0f8387b9ccbe2eedc8d446ff15da803d96b3c2db454f908a78599ae27c2b3a860a0619ad9cf1
SSDEEP

49152:OwT+SXTS7d71HJdDSdHsRQ2y5tQVy+WjbYe7vFv:Oa+WufpNSdHL2yIVI7Nv

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  ba8c52f233ee68fc27bb737d6870eb0f40977549443cb4425a5fbeab02caaf4d
- Size
  
  2.2MB
- MD5
  
  8a2e0a81828a02bf20c36564866d8079
- SHA1
  
  207c9b091fd81ef7b629481ba97bcb57b79cd737
- SHA256
  
  ba8c52f233ee68fc27bb737d6870eb0f40977549443cb4425a5fbeab02caaf4d
- SHA512
  
  99b6fe9ead23bd080c6220f3f4a963a8a77484b4a902c6194eab0f8387b9ccbe2eedc8d446ff15da803d96b3c2db454f908a78599ae27c2b3a860a0619ad9cf1
- SSDEEP
  
  49152:OwT+SXTS7d71HJdDSdHsRQ2y5tQVy+WjbYe7vFv:Oa+WufpNSdHL2yIVI7Nv
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2