956b0c46939156b15831b3de97d4bf19d23a1c4c2b4726df97d55783cfe79b14 | Triage

Sharing

General

Target

956b0c46939156b15831b3de97d4bf19d23a1c4c2b4726df97d55783cfe79b14
Size

178KB
Sample

221206-zrb8mscf24
MD5

061a4bef4bbffe70b3ff6000a7412fe2
SHA1

92ed97191c79fae0498f2ab3c01cec7f38dad94e
SHA256

956b0c46939156b15831b3de97d4bf19d23a1c4c2b4726df97d55783cfe79b14
SHA512

7bff0cd42266bcf8c9feadcc99996faac455638edbb43b2af1b201c558b0ceb44cbb1cd6120adf8e808b4c70b6ab565d42e865ab147775aef5e1e36c5ef5c9a6
SSDEEP

3072:dejlLAUr08Vi7SmKWoWG7RRETY9MVrrBVJQ9d17SAORUDzavZ:LQ7E93u9GTM

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  956b0c46939156b15831b3de97d4bf19d23a1c4c2b4726df97d55783cfe79b14
- Size
  
  178KB
- MD5
  
  061a4bef4bbffe70b3ff6000a7412fe2
- SHA1
  
  92ed97191c79fae0498f2ab3c01cec7f38dad94e
- SHA256
  
  956b0c46939156b15831b3de97d4bf19d23a1c4c2b4726df97d55783cfe79b14
- SHA512
  
  7bff0cd42266bcf8c9feadcc99996faac455638edbb43b2af1b201c558b0ceb44cbb1cd6120adf8e808b4c70b6ab565d42e865ab147775aef5e1e36c5ef5c9a6
- SSDEEP
  
  3072:dejlLAUr08Vi7SmKWoWG7RRETY9MVrrBVJQ9d17SAORUDzavZ:LQ7E93u9GTM
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2