c6d330ac8af0cd12af96411868f7a2a12bc38abb6b184543ca13d89afdb57b14 | Triage

Sharing

General

Target

c6d330ac8af0cd12af96411868f7a2a12bc38abb6b184543ca13d89afdb57b14
Size

70KB
Sample

221203-ryc5hsda5x
MD5

4a9e537690c47b80219ef48d07dfcd86
SHA1

2357224b7f59940c77015ca600e02615b5128cfc
SHA256

c6d330ac8af0cd12af96411868f7a2a12bc38abb6b184543ca13d89afdb57b14
SHA512

55ec63e95f7760bd313395e32bae7ed9e7475a0e7e39f5d08b255c6ffd71f2afddaaa27fd38c70f53d90b2ab628fa4ca74d3ab736dc82aa992431d80744b7782
SSDEEP

768:QkpLA8BtBV0QJcW5wqInmNSfyvwx+BKXCJW+trdvsWCJn66kvOR:tkQJcqwmIfj+ECJG/kvO

Score

9^/10

collection spyware stealer

Malware Config

Targets

- Target
  
  c6d330ac8af0cd12af96411868f7a2a12bc38abb6b184543ca13d89afdb57b14
- Size
  
  70KB
- MD5
  
  4a9e537690c47b80219ef48d07dfcd86
- SHA1
  
  2357224b7f59940c77015ca600e02615b5128cfc
- SHA256
  
  c6d330ac8af0cd12af96411868f7a2a12bc38abb6b184543ca13d89afdb57b14
- SHA512
  
  55ec63e95f7760bd313395e32bae7ed9e7475a0e7e39f5d08b255c6ffd71f2afddaaa27fd38c70f53d90b2ab628fa4ca74d3ab736dc82aa992431d80744b7782
- SSDEEP
  
  768:QkpLA8BtBV0QJcW5wqInmNSfyvwx+BKXCJW+trdvsWCJn66kvOR:tkQJcqwmIfj+ECJG/kvO
Score

9^/10

collection spyware stealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Account Manipulation

Privilege Escalation

Defense Evasion

Credential Access

Account Manipulation

Credentials in Files

Discovery

Process Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectionspywarestealer