dfde16c51ef76fb63324b3156855e10cc31aab185697b952ba0c4665986ee6eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfde16c51ef76fb63324b3156855e10cc31aab185697b952ba0c4665986ee6eb
Size

2.0MB
Sample

221204-d4l3qacg72
MD5

b02e5b72c515945d3e482c1a7a9c599b
SHA1

a14ec535e57808ee39307f720b2a37e5bb829c6e
SHA256

dfde16c51ef76fb63324b3156855e10cc31aab185697b952ba0c4665986ee6eb
SHA512

08420a60b1bacd5915b595d58418cd8f9ecbe9a0043a994923f443d9f142ed368737079e3ecbe76f5bca69a6117bb12fa79a7fa518fb98a7306612dea870945d
SSDEEP

24576:ETJFH57ykkRDD4HOsRgiiplQfU8upw/r6:ETJV57yk+DD4usuofCKu

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  dfde16c51ef76fb63324b3156855e10cc31aab185697b952ba0c4665986ee6eb
- Size
  
  2.0MB
- MD5
  
  b02e5b72c515945d3e482c1a7a9c599b
- SHA1
  
  a14ec535e57808ee39307f720b2a37e5bb829c6e
- SHA256
  
  dfde16c51ef76fb63324b3156855e10cc31aab185697b952ba0c4665986ee6eb
- SHA512
  
  08420a60b1bacd5915b595d58418cd8f9ecbe9a0043a994923f443d9f142ed368737079e3ecbe76f5bca69a6117bb12fa79a7fa518fb98a7306612dea870945d
- SSDEEP
  
  24576:ETJFH57ykkRDD4HOsRgiiplQfU8upw/r6:ETJV57yk+DD4usuofCKu
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2