bc5026fcf872c2d6337a8afa8f38cc61f3b1cc11a0cda8456ed3f01535b21959 | Triage

Sharing

General

Target

bc5026fcf872c2d6337a8afa8f38cc61f3b1cc11a0cda8456ed3f01535b21959
Size

986KB
Sample

221203-rk1zesgd46
MD5

7185a4682dd021b6590fbf3713657ab8
SHA1

0b40cdce96649ed78abeffceb8dad7839baf90cb
SHA256

bc5026fcf872c2d6337a8afa8f38cc61f3b1cc11a0cda8456ed3f01535b21959
SHA512

db9ca84181ba2023930c1bb1b92d543185bdfa381216a6095e873521c2bfbc3175add68f7242bc1365ff4d70bcff304e85aaf57aa6022b0b2c1d32d00599df87
SSDEEP

24576:aczJKVdmADtLIj1qj8/Ob1HnVkaJknReHX73d:acA2WtL+qj8/WHVb5Lt

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  bc5026fcf872c2d6337a8afa8f38cc61f3b1cc11a0cda8456ed3f01535b21959
- Size
  
  986KB
- MD5
  
  7185a4682dd021b6590fbf3713657ab8
- SHA1
  
  0b40cdce96649ed78abeffceb8dad7839baf90cb
- SHA256
  
  bc5026fcf872c2d6337a8afa8f38cc61f3b1cc11a0cda8456ed3f01535b21959
- SHA512
  
  db9ca84181ba2023930c1bb1b92d543185bdfa381216a6095e873521c2bfbc3175add68f7242bc1365ff4d70bcff304e85aaf57aa6022b0b2c1d32d00599df87
- SSDEEP
  
  24576:aczJKVdmADtLIj1qj8/Ob1HnVkaJknReHX73d:acA2WtL+qj8/WHVb5Lt
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2