44af725a81d98514bbb667964a4bffa861814c8202a5e165f66a42a0c8b51da8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OriginThinSetup.exe
Size

60.7MB
Sample

230313-fr3wtagf58
MD5

ff7cbbf892873ec965212d9d372f8aec
SHA1

ca10487409dd63ae23d53aea3f31ca763a7d6e2c
SHA256

44af725a81d98514bbb667964a4bffa861814c8202a5e165f66a42a0c8b51da8
SHA512

f0c9bca4e640b9ea6f31032f4556980f9175a125d806aa3663fe149409d309984c50b3552f391f0770e4b90abc9af81381eecf7c6218de5900e2253ad13c248e
SSDEEP

1572864:EXZqcj4ntO5wNN13X1/VHHAxK4/ei0z156E4q6A7HMqJm:V/1V/dHAp/e3z156eHy

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  OriginThinSetup.exe
- Size
  
  60.7MB
- MD5
  
  ff7cbbf892873ec965212d9d372f8aec
- SHA1
  
  ca10487409dd63ae23d53aea3f31ca763a7d6e2c
- SHA256
  
  44af725a81d98514bbb667964a4bffa861814c8202a5e165f66a42a0c8b51da8
- SHA512
  
  f0c9bca4e640b9ea6f31032f4556980f9175a125d806aa3663fe149409d309984c50b3552f391f0770e4b90abc9af81381eecf7c6218de5900e2253ad13c248e
- SSDEEP
  
  1572864:EXZqcj4ntO5wNN13X1/VHHAxK4/ei0z156E4q6A7HMqJm:V/1V/dHAp/e3z156eHy
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2