58fff4a924b57f8b24dbb173a284c0aafcd02e059430821df21467da42821175 | Triage

Sharing

General

Target

73624ae2b5f9c832e8f71ff90cc73ea7c3c34ff7813fb1181659dc1202493ebc.zip
Size

708KB
Sample

230308-nhc8ssfd9s
MD5

614f5104528d2aec8864c8181f7c47c4
SHA1

ccbcb2a762f95137670f741fff21d1ed18635d7d
SHA256

58fff4a924b57f8b24dbb173a284c0aafcd02e059430821df21467da42821175
SHA512

c4f89c7bfcf5f86edfbdddb8aa4546f0e41520acd3e1f57dde1de3f9dde88421a58daedec6d350a74e41b352d966e04b8d3875cde19246f7c3deaf81c854208d
SSDEEP

12288:036jEIQ0SK5TU6kvIii504AvZ/GEgwgGJkG9YKwvdXz2qyAz73auWhbQmE:E6jEB4TU6YIdLAvqwgG2G9YddXjV33lD

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  73624ae2b5f9c832e8f71ff90cc73ea7c3c34ff7813fb1181659dc1202493ebc.exe
- Size
  
  901KB
- MD5
  
  63897474afd6771fcdc9ef3493edb0b6
- SHA1
  
  2bfebbe064739a51e0971db115c9a5b592bc8332
- SHA256
  
  73624ae2b5f9c832e8f71ff90cc73ea7c3c34ff7813fb1181659dc1202493ebc
- SHA512
  
  7e16c343c9c4daa4d522b1f476f0c2be426a2e086d6bfbb6a83c6907072cd67c901ae1f9acf271a6fed9940b07e7038e0663ae5bcbf5c475fa2becf99b6429df
- SSDEEP
  
  12288:en7Wy8ptDBiyJwRgPtqcLhnu6+BsNHSyCXvpltbyJJygiBH8VHATX:0Wy8pt1iywgLL0TJy4yJJVM
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2