5630ac19f4074c8781a1cdd1e6c44ccf37e9634e45290e1e9ffa9a0e457cc887 | Triage

Sharing

General

Target

5630ac19f4074c8781a1cdd1e6c44ccf37e9634e45290e1e9ffa9a0e457cc887
Size

5.9MB
Sample

221215-aatzpaed2y
MD5

0379c89e245918e7b2119e293d507952
SHA1

513493004e3d6dd83aa0515fb299364199889b90
SHA256

5630ac19f4074c8781a1cdd1e6c44ccf37e9634e45290e1e9ffa9a0e457cc887
SHA512

22b65b4cdd8a89a3b940acb3b66a57b6f4e48c2bba0a76ef9a5e0046ede826b86a46a58c89252ec00c0cd14321656ee884b8e12616d47b962b89025ccd883dd1
SSDEEP

98304:YGJgK6UDmEz70Dc/uneO5AIcPNC0LFQnQ5H9AD5MGmpxfjI/NEApXSb1xjQjdY1:4UDmEOneOHcPzRQnQ5H98a+VEqCB9wY1

Score

9^/10

spyware stealer

Malware Config

Targets

- Target
  
  5630ac19f4074c8781a1cdd1e6c44ccf37e9634e45290e1e9ffa9a0e457cc887
- Size
  
  5.9MB
- MD5
  
  0379c89e245918e7b2119e293d507952
- SHA1
  
  513493004e3d6dd83aa0515fb299364199889b90
- SHA256
  
  5630ac19f4074c8781a1cdd1e6c44ccf37e9634e45290e1e9ffa9a0e457cc887
- SHA512
  
  22b65b4cdd8a89a3b940acb3b66a57b6f4e48c2bba0a76ef9a5e0046ede826b86a46a58c89252ec00c0cd14321656ee884b8e12616d47b962b89025ccd883dd1
- SSDEEP
  
  98304:YGJgK6UDmEz70Dc/uneO5AIcPNC0LFQnQ5H9AD5MGmpxfjI/NEApXSb1xjQjdY1:4UDmEOneOHcPzRQnQ5H98a+VEqCB9wY1
Score

9^/10

spyware stealer
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2