c5057d5e610f26c43fa286d11afe0fc066931f00c2e1d057718190e4c41f24cd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5057d5e610f26c43fa286d11afe0fc066931f00c2e1d057718190e4c41f24cd
Size

49KB
Sample

221203-qvx5vahe4t
MD5

6ecc065455c2915fb2ddf3dea57c1254
SHA1

a790b0ede7b1d26926a95ab062382e8fc35905de
SHA256

c5057d5e610f26c43fa286d11afe0fc066931f00c2e1d057718190e4c41f24cd
SHA512

d3def4f766c2050b1f54fcb795d431077ad6cca5304394b6d32199df227ebe9b841e53f6b86edaa8e808345114faba08ade7a34dfdf8109c3c0e9253996d9e7f
SSDEEP

768:lCTOeCLHiZm/u+eNVYE+IT1SF4sdhA0PYI7AQTTV9WpV1lbPT2dMiMy:lCjc1qMIkFFAsYI7A6TVEblv22Ry

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  c5057d5e610f26c43fa286d11afe0fc066931f00c2e1d057718190e4c41f24cd
- Size
  
  49KB
- MD5
  
  6ecc065455c2915fb2ddf3dea57c1254
- SHA1
  
  a790b0ede7b1d26926a95ab062382e8fc35905de
- SHA256
  
  c5057d5e610f26c43fa286d11afe0fc066931f00c2e1d057718190e4c41f24cd
- SHA512
  
  d3def4f766c2050b1f54fcb795d431077ad6cca5304394b6d32199df227ebe9b841e53f6b86edaa8e808345114faba08ade7a34dfdf8109c3c0e9253996d9e7f
- SSDEEP
  
  768:lCTOeCLHiZm/u+eNVYE+IT1SF4sdhA0PYI7AQTTV9WpV1lbPT2dMiMy:lCjc1qMIkFFAsYI7A6TVEblv22Ry
Score

10^/10

persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2