91b63191b54828c4d3f881bfd47d63644d55a9d9f28365ca54d1c20de3a52ed9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

2.0MB
Sample

221225-zaxs1sfc2s
MD5

a5889d022b6719928d911c4d95586fa5
SHA1

14cb734dfa63261e2323316e3ab3e17ecacb9808
SHA256

91b63191b54828c4d3f881bfd47d63644d55a9d9f28365ca54d1c20de3a52ed9
SHA512

bc5de06959169b5940f5cc0477db7d56994506e37077b1c4e68fb4e588ab95cae5878a9ff312c07b108799aab0ac382b5701633b1d4f726c531de66c9b1e6936
SSDEEP

12288:gpRhyQwI+mkC3K5QW93TjIo7ts9DhGvd4e1MxdYy7OaADQBTjsrGzgRLYlWPEKmC:S9k15Qijoh5xdbkrjmKeHWl5D3

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  tmp
- Size
  
  2.0MB
- MD5
  
  a5889d022b6719928d911c4d95586fa5
- SHA1
  
  14cb734dfa63261e2323316e3ab3e17ecacb9808
- SHA256
  
  91b63191b54828c4d3f881bfd47d63644d55a9d9f28365ca54d1c20de3a52ed9
- SHA512
  
  bc5de06959169b5940f5cc0477db7d56994506e37077b1c4e68fb4e588ab95cae5878a9ff312c07b108799aab0ac382b5701633b1d4f726c531de66c9b1e6936
- SSDEEP
  
  12288:gpRhyQwI+mkC3K5QW93TjIo7ts9DhGvd4e1MxdYy7OaADQBTjsrGzgRLYlWPEKmC:S9k15Qijoh5xdbkrjmKeHWl5D3
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2