5b96c5e553067a8b259fb15155c79f7c632f19bb6800712f0a0ee1b328ef8d11 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b96c5e553067a8b259fb15155c79f7c632f19bb6800712f0a0ee1b328ef8d11
Size

359KB
Sample

230114-r8y5qsdd6x
MD5

aa5aba029a334162a8f6f835b10047aa
SHA1

79ec95bf557958302d5afd784f6b21690ad3b950
SHA256

5b96c5e553067a8b259fb15155c79f7c632f19bb6800712f0a0ee1b328ef8d11
SHA512

f67aaf8817e49713aa3716a8a38e7f4db8c97c94a3af98e4ac937e69ec7ccf185e3821344f2198e3cd9d5dd496fb302f8274d9ee4cd4cb66d3ae4b85d6fb7fe3
SSDEEP

6144:PFYljEYN80tuEJTB82XqyLFLnIGfprVvohGnoudr:PFYljEYNvu4TF1IGVvo+

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  5b96c5e553067a8b259fb15155c79f7c632f19bb6800712f0a0ee1b328ef8d11
- Size
  
  359KB
- MD5
  
  aa5aba029a334162a8f6f835b10047aa
- SHA1
  
  79ec95bf557958302d5afd784f6b21690ad3b950
- SHA256
  
  5b96c5e553067a8b259fb15155c79f7c632f19bb6800712f0a0ee1b328ef8d11
- SHA512
  
  f67aaf8817e49713aa3716a8a38e7f4db8c97c94a3af98e4ac937e69ec7ccf185e3821344f2198e3cd9d5dd496fb302f8274d9ee4cd4cb66d3ae4b85d6fb7fe3
- SSDEEP
  
  6144:PFYljEYN80tuEJTB82XqyLFLnIGfprVvohGnoudr:PFYljEYNvu4TF1IGVvo+
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1