fcdce66395bd94b9a158d94798cb9f1e3a882bc89d738ae03d112417c7e0be91 | Triage

Sharing

General

Target

fcdce66395bd94b9a158d94798cb9f1e3a882bc89d738ae03d112417c7e0be91
Size

208KB
Sample

221206-ry17caff25
MD5

d6edb01e42150a9610573c28afe7a76b
SHA1

6b05d530f80db86ff79857a61bcfd36d6998ffba
SHA256

fcdce66395bd94b9a158d94798cb9f1e3a882bc89d738ae03d112417c7e0be91
SHA512

9e2568953cb92914ffb651129ffa6194e42e1902119553f0fed590724ce34b8bc2daa439ebc58d223ae9397946a627d61110eac947f791f6b3e62ab7d3ba63a6
SSDEEP

6144:Kz+92mhAMJ/cPl3i0WoIXs4EbhO1gqTuwOcy6iUjBDKwMYj9:KK2mhAMJ/cPlJysvbhO1bTu3cy6iUjoW

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  fcdce66395bd94b9a158d94798cb9f1e3a882bc89d738ae03d112417c7e0be91
- Size
  
  208KB
- MD5
  
  d6edb01e42150a9610573c28afe7a76b
- SHA1
  
  6b05d530f80db86ff79857a61bcfd36d6998ffba
- SHA256
  
  fcdce66395bd94b9a158d94798cb9f1e3a882bc89d738ae03d112417c7e0be91
- SHA512
  
  9e2568953cb92914ffb651129ffa6194e42e1902119553f0fed590724ce34b8bc2daa439ebc58d223ae9397946a627d61110eac947f791f6b3e62ab7d3ba63a6
- SSDEEP
  
  6144:Kz+92mhAMJ/cPl3i0WoIXs4EbhO1gqTuwOcy6iUjBDKwMYj9:KK2mhAMJ/cPlJysvbhO1bTu3cy6iUjoW
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2