def027cd6709b3ce51c22a9956e6be9906e5e4523d1b6eda17624dd4288e7d32 | Triage

Sharing

General

Target

def027cd6709b3ce51c22a9956e6be9906e5e4523d1b6eda17624dd4288e7d32
Size

349KB
Sample

221203-z7dreaah5y
MD5

035bcc62fd97d73b887e1177df6f9ba6
SHA1

9ed1c971dd3fa43701396b8f33767704881cd929
SHA256

def027cd6709b3ce51c22a9956e6be9906e5e4523d1b6eda17624dd4288e7d32
SHA512

96d833c5799549c7612ba84a8974cadb7cc6b22d7edbca2e7a19046106fcef130878eaff84094e2ed0e32c6790838859f939163428ea69d62b5c9a919c871c6b
SSDEEP

6144:tAx4sN8K/NAx4bN8KqMqLI11vWsMvDMPHwLLbXZcVJpS/783dFAg1Zzzu10Y:e4sN04bN0PMTWRWHJJpS/7wYGZvui

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  def027cd6709b3ce51c22a9956e6be9906e5e4523d1b6eda17624dd4288e7d32
- Size
  
  349KB
- MD5
  
  035bcc62fd97d73b887e1177df6f9ba6
- SHA1
  
  9ed1c971dd3fa43701396b8f33767704881cd929
- SHA256
  
  def027cd6709b3ce51c22a9956e6be9906e5e4523d1b6eda17624dd4288e7d32
- SHA512
  
  96d833c5799549c7612ba84a8974cadb7cc6b22d7edbca2e7a19046106fcef130878eaff84094e2ed0e32c6790838859f939163428ea69d62b5c9a919c871c6b
- SSDEEP
  
  6144:tAx4sN8K/NAx4bN8KqMqLI11vWsMvDMPHwLLbXZcVJpS/783dFAg1Zzzu10Y:e4sN04bN0PMTWRWHJJpS/7wYGZvui
Score

8^/10

spyware stealer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2