90f64a9ddda7899516c084e2cf2668b809ebf09ed994448d3aa87ca30e99abe3 | Triage

Sharing

General

Target

90f64a9ddda7899516c084e2cf2668b809ebf09ed994448d3aa87ca30e99abe3
Size

72KB
Sample

221204-a442racb44
MD5

db625eb4c9e276031d226504774ed156
SHA1

80574636b9f4f67ef4f725cf8591833865cd8604
SHA256

90f64a9ddda7899516c084e2cf2668b809ebf09ed994448d3aa87ca30e99abe3
SHA512

4036cea7725cd605a2e01aa9f9db05ab826d611bc8da49f2b6ab03022b57ad7593e490a0f24c5873c78c81111bee0e54f4e20ab3534a079b438f50acd88854bf
SSDEEP

768:ywlPoVTdBzkS0FlS+i9ioQDhXwlPoVTdBzkS0FlS+i9ioQDkD:bZw4SMr5D+Zw4SMr5D

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  90f64a9ddda7899516c084e2cf2668b809ebf09ed994448d3aa87ca30e99abe3
- Size
  
  72KB
- MD5
  
  db625eb4c9e276031d226504774ed156
- SHA1
  
  80574636b9f4f67ef4f725cf8591833865cd8604
- SHA256
  
  90f64a9ddda7899516c084e2cf2668b809ebf09ed994448d3aa87ca30e99abe3
- SHA512
  
  4036cea7725cd605a2e01aa9f9db05ab826d611bc8da49f2b6ab03022b57ad7593e490a0f24c5873c78c81111bee0e54f4e20ab3534a079b438f50acd88854bf
- SSDEEP
  
  768:ywlPoVTdBzkS0FlS+i9ioQDhXwlPoVTdBzkS0FlS+i9ioQDkD:bZw4SMr5D+Zw4SMr5D
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2