c50026c180ea0a370638a5b37fdab8be7413861c72bb21fe367194a550067435 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c50026c180ea0a370638a5b37fdab8be7413861c72bb21fe367194a550067435
Size

243KB
Sample

221207-d6z3csed9z
MD5

1a511c400e849f7ae09961e103039ccc
SHA1

80e2e994800a01b287f5d35fbef791e1e9e8cf86
SHA256

c50026c180ea0a370638a5b37fdab8be7413861c72bb21fe367194a550067435
SHA512

5a383e9f2216b738a1a6e7fa5b5e64e0832649a5481d75b7259e5ed3e1088103888419c7b424f0cf220fbff6166dee434594093a05808b12dc3699c60a739b2e
SSDEEP

3072:PGaY46tGNttyJQ7KRjNDWI38xunbx8zPYLGT6gZfYKgZfYNpW+WROnp:u46tGdyJNDWjxQ8jYLG1ZwpZwNHWQ

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  c50026c180ea0a370638a5b37fdab8be7413861c72bb21fe367194a550067435
- Size
  
  243KB
- MD5
  
  1a511c400e849f7ae09961e103039ccc
- SHA1
  
  80e2e994800a01b287f5d35fbef791e1e9e8cf86
- SHA256
  
  c50026c180ea0a370638a5b37fdab8be7413861c72bb21fe367194a550067435
- SHA512
  
  5a383e9f2216b738a1a6e7fa5b5e64e0832649a5481d75b7259e5ed3e1088103888419c7b424f0cf220fbff6166dee434594093a05808b12dc3699c60a739b2e
- SSDEEP
  
  3072:PGaY46tGNttyJQ7KRjNDWI38xunbx8zPYLGT6gZfYKgZfYNpW+WROnp:u46tGdyJNDWjxQ8jYLG1ZwpZwNHWQ
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2