c485569d9ffc8861a843bb30e3ae3283db8747e2fb66801980f19d98a67b8bc4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c485569d9ffc8861a843bb30e3ae3283db8747e2fb66801980f19d98a67b8bc4
Size

5.3MB
Sample

230131-x149nshh25
MD5

09d8e6ea3080b493ca4034bbc7c4cf65
SHA1

22eee0a66a411d06e991e0c5d82cec5b5f29e383
SHA256

c485569d9ffc8861a843bb30e3ae3283db8747e2fb66801980f19d98a67b8bc4
SHA512

0d8ccc0b0c063fc504f4fff375226bed4a23b76f5db132e492878b36ffb4b1bbd25824942d42962e34fcab3fca1717aa2408073b4dcef753a5eb71d7500d8fb2
SSDEEP

98304:c99E4e/UaOdFfrcmTSPEMS7AdDv6l2Bww:SbCmemxsT68ww

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  c485569d9ffc8861a843bb30e3ae3283db8747e2fb66801980f19d98a67b8bc4
- Size
  
  5.3MB
- MD5
  
  09d8e6ea3080b493ca4034bbc7c4cf65
- SHA1
  
  22eee0a66a411d06e991e0c5d82cec5b5f29e383
- SHA256
  
  c485569d9ffc8861a843bb30e3ae3283db8747e2fb66801980f19d98a67b8bc4
- SHA512
  
  0d8ccc0b0c063fc504f4fff375226bed4a23b76f5db132e492878b36ffb4b1bbd25824942d42962e34fcab3fca1717aa2408073b4dcef753a5eb71d7500d8fb2
- SSDEEP
  
  98304:c99E4e/UaOdFfrcmTSPEMS7AdDv6l2Bww:SbCmemxsT68ww
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2