b90fe662be3237ac4e373a3da385a354e8e0bbff01160c8c3c5a25de573903d8 | Triage

Sharing

General

Target

b90fe662be3237ac4e373a3da385a354e8e0bbff01160c8c3c5a25de573903d8
Size

96KB
Sample

221205-mvfn1sbh96
MD5

069c7bcd307933cffff7983d51de9860
SHA1

40b1ede6ca8cc2b9063ab32efa0fa067f2369ec0
SHA256

b90fe662be3237ac4e373a3da385a354e8e0bbff01160c8c3c5a25de573903d8
SHA512

5c16d371cce8d8d5b3d2f924d79815c2a303a919a6aed020b71e6217e64941fc4b6b84d1f4a5adb09f5116e7bb9e4048e7213bb7de4c7124e6dc7fe5e5f5012d
SSDEEP

1536:q7qnkAQtSaoGo5n4iLG0/WM6TJmHSaYqeyEjxO8SXzpn9t6UN:DCSjGoLpWM6VsBEjxOZd5

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  b90fe662be3237ac4e373a3da385a354e8e0bbff01160c8c3c5a25de573903d8
- Size
  
  96KB
- MD5
  
  069c7bcd307933cffff7983d51de9860
- SHA1
  
  40b1ede6ca8cc2b9063ab32efa0fa067f2369ec0
- SHA256
  
  b90fe662be3237ac4e373a3da385a354e8e0bbff01160c8c3c5a25de573903d8
- SHA512
  
  5c16d371cce8d8d5b3d2f924d79815c2a303a919a6aed020b71e6217e64941fc4b6b84d1f4a5adb09f5116e7bb9e4048e7213bb7de4c7124e6dc7fe5e5f5012d
- SSDEEP
  
  1536:q7qnkAQtSaoGo5n4iLG0/WM6TJmHSaYqeyEjxO8SXzpn9t6UN:DCSjGoLpWM6VsBEjxOZd5
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2