47f018b7bbde089cdddb2ad78a6fb83977c77675d1703cdd1459b300f5db7319 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47f018b7bbde089cdddb2ad78a6fb83977c77675d1703cdd1459b300f5db7319.exe
Size

24.7MB
Sample

221222-cwbfksgh8w
MD5

967f69d678a18e00165efd2c91078783
SHA1

b7fc6fadf5f34edb6296c0a05e38702121c14099
SHA256

47f018b7bbde089cdddb2ad78a6fb83977c77675d1703cdd1459b300f5db7319
SHA512

3c492f6a3c7ed9909a511022873e5e50752e512a441ed0e81b7e13f10c339894ae06232ee87744d3bd9ac8ffb5e4b69337896a555b0b2491aded29c3f9d90b17
SSDEEP

196608:FDh6TGlATv80OmgLaox41ECvD2wIfxx83jI2rH:1hcT+mgW19vOxW

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  47f018b7bbde089cdddb2ad78a6fb83977c77675d1703cdd1459b300f5db7319.exe
- Size
  
  24.7MB
- MD5
  
  967f69d678a18e00165efd2c91078783
- SHA1
  
  b7fc6fadf5f34edb6296c0a05e38702121c14099
- SHA256
  
  47f018b7bbde089cdddb2ad78a6fb83977c77675d1703cdd1459b300f5db7319
- SHA512
  
  3c492f6a3c7ed9909a511022873e5e50752e512a441ed0e81b7e13f10c339894ae06232ee87744d3bd9ac8ffb5e4b69337896a555b0b2491aded29c3f9d90b17
- SSDEEP
  
  196608:FDh6TGlATv80OmgLaox41ECvD2wIfxx83jI2rH:1hcT+mgW19vOxW
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2