07480ae48f8d5d5c7e486b2eb6cca37d8d39c5ebffa2e75a3714b2d157952f5d | Triage

Sharing

General

Target

07480ae48f8d5d5c7e486b2eb6cca37d8d39c5ebffa2e75a3714b2d157952f5d
Size

28KB
Sample

221206-qvc5nsfc4z
MD5

a6ad42377780e94dc17d97a57ad3eb30
SHA1

b1cc15e7f7f2c4adc0461c0b946307c4790a095d
SHA256

07480ae48f8d5d5c7e486b2eb6cca37d8d39c5ebffa2e75a3714b2d157952f5d
SHA512

78c7536ceae64305150f33d7390da3aab53eb95c2d54cf55a7ff35c79aac56b066c7d2bd8a1b7a102c8bba512f4bd975aa3bae20c97305dd4f5491ec37e02f60
SSDEEP

768:wWkliAnUQYkYKzqbjC5RqHjrYReyZx+l0oKriCPRDLR:RySsz6jGeyZx+l0TRJ

Score

9^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  netskyP.dl
- Size
  
  28KB
- MD5
  
  3018e99857f31a59e0777396ae634a8f
- SHA1
  
  7031cfe76ee7b2c925f2c00372fb9ef7f983f60c
- SHA256
  
  c8fffb2e737514c551b2d7bcaf8baa459564b059cab1a35a3cec4b3c270d4525
- SHA512
  
  4604c98f765be26d4a0a33f54cc777810cae7fab5153ee637b4fc8057492fd40de6fdf9d88dc4f7f34f45dd174bae54a2b39e0f0e5f1f5997820b9bccf47686a
- SSDEEP
  
  768:vWkliAnUQYkYKzqbjC5RqHjrYReyZx+l0oKriCPRDL:+ySsz6jGeyZx+l0TR
Score

9^/10

persistence spyware stealer
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer