24233c539c5a5e72b90e51b9168e43a85ab13bec10d25b627cf01f7df6b81e58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24233c539c5a5e72b90e51b9168e43a85ab13bec10d25b627cf01f7df6b81e58
Size

140KB
Sample

221203-kexw9aca5s
MD5

45347c9fa8f17f974657bc0003c84a8a
SHA1

dffd87e6a260441716083a79e599a9e062fb406c
SHA256

24233c539c5a5e72b90e51b9168e43a85ab13bec10d25b627cf01f7df6b81e58
SHA512

5e2c42e761427ed04e1341ab88b4aa0688f9a3ab6c3914c1127e2779d0932433c3d544626b8d63157726a89416b1113e1e7dfd11b698a7b92777e79588211755
SSDEEP

1536:MO7UmLcfm0gGQ8JWfzLNIcqoJHiWNFNVO7keX/EfPPYa2i79wjuT+UjAgAbK/1XE:MoFLNv4U7JCWDN4/2PPY9iNjh5llCtH

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  24233c539c5a5e72b90e51b9168e43a85ab13bec10d25b627cf01f7df6b81e58
- Size
  
  140KB
- MD5
  
  45347c9fa8f17f974657bc0003c84a8a
- SHA1
  
  dffd87e6a260441716083a79e599a9e062fb406c
- SHA256
  
  24233c539c5a5e72b90e51b9168e43a85ab13bec10d25b627cf01f7df6b81e58
- SHA512
  
  5e2c42e761427ed04e1341ab88b4aa0688f9a3ab6c3914c1127e2779d0932433c3d544626b8d63157726a89416b1113e1e7dfd11b698a7b92777e79588211755
- SSDEEP
  
  1536:MO7UmLcfm0gGQ8JWfzLNIcqoJHiWNFNVO7keX/EfPPYa2i79wjuT+UjAgAbK/1XE:MoFLNv4U7JCWDN4/2PPY9iNjh5llCtH
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2