d1cbcf8f6961580cf8c6fa3c1c3f9cb982463e393125c1f0ca2dea710a8bab87 | Triage

Sharing

General

Target

d1cbcf8f6961580cf8c6fa3c1c3f9cb982463e393125c1f0ca2dea710a8bab87
Size

1.8MB
Sample

221206-vg44fsab5w
MD5

a59a4787cead2fc8292e646d50657041
SHA1

685d54f77a6808a0ef10ae80508519d578c489c3
SHA256

d1cbcf8f6961580cf8c6fa3c1c3f9cb982463e393125c1f0ca2dea710a8bab87
SHA512

07c6838694ff0361451c5b7dfe4bbe9b8e9346b7b8e10fc14bb8965619f22f141f1435d7f72498655e44a3df6f775c82b5ccc7c3b0f54c0f3a4fc7f015efa2a0
SSDEEP

24576:Mcocf49vcQKqrsu22upB+RFUcmSuf4VSjRv1vxOWnUL9K5b1w2TLjTJe65h8qDYR:McPSMCP84VSjVO5LMR1w2Tb5hPKZ

Score

10^/10

evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  d1cbcf8f6961580cf8c6fa3c1c3f9cb982463e393125c1f0ca2dea710a8bab87
- Size
  
  1.8MB
- MD5
  
  a59a4787cead2fc8292e646d50657041
- SHA1
  
  685d54f77a6808a0ef10ae80508519d578c489c3
- SHA256
  
  d1cbcf8f6961580cf8c6fa3c1c3f9cb982463e393125c1f0ca2dea710a8bab87
- SHA512
  
  07c6838694ff0361451c5b7dfe4bbe9b8e9346b7b8e10fc14bb8965619f22f141f1435d7f72498655e44a3df6f775c82b5ccc7c3b0f54c0f3a4fc7f015efa2a0
- SSDEEP
  
  24576:Mcocf49vcQKqrsu22upB+RFUcmSuf4VSjRv1vxOWnUL9K5b1w2TLjTJe65h8qDYR:McPSMCP84VSjVO5LMR1w2Tb5hPKZ
Score

10^/10

evasion spyware stealer trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

evasionspywarestealertrojan