a72a6a91e42a3f0b3b65d95194ef95d4889fbafb38f1e144b7d9aa588ec1f644 | Triage

Sharing

General

Target

a72a6a91e42a3f0b3b65d95194ef95d4889fbafb38f1e144b7d9aa588ec1f644
Size

52KB
Sample

221206-kf9bnsaf35
MD5

673ae192009715798c4dcdcebe4295d3
SHA1

d199c29fa9015925b474d36bae7d8460a8ce11d9
SHA256

a72a6a91e42a3f0b3b65d95194ef95d4889fbafb38f1e144b7d9aa588ec1f644
SHA512

82b443ecac5e689b7bc009d894ab4e390a9e36dda8227e1446c78da584b1e3dead2f5cb0c3dfb92a0e9933131317c75a2ec20f7dda9ccd182750833f714b6bd0
SSDEEP

768:Tevl4lpHBPLnhLSujjrHDjjeNIhVYbTXRb/SLC8QRXktB+Cibs:TeSdhLSuLCNM63BRXmB+

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  a72a6a91e42a3f0b3b65d95194ef95d4889fbafb38f1e144b7d9aa588ec1f644
- Size
  
  52KB
- MD5
  
  673ae192009715798c4dcdcebe4295d3
- SHA1
  
  d199c29fa9015925b474d36bae7d8460a8ce11d9
- SHA256
  
  a72a6a91e42a3f0b3b65d95194ef95d4889fbafb38f1e144b7d9aa588ec1f644
- SHA512
  
  82b443ecac5e689b7bc009d894ab4e390a9e36dda8227e1446c78da584b1e3dead2f5cb0c3dfb92a0e9933131317c75a2ec20f7dda9ccd182750833f714b6bd0
- SSDEEP
  
  768:Tevl4lpHBPLnhLSujjrHDjjeNIhVYbTXRb/SLC8QRXktB+Cibs:TeSdhLSuLCNM63BRXmB+
Score

10^/10

persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2