5c2f383ed48b904a6277f2cc49ae81a6399ab15137f2a0a8ab26ab065ca77e95 | Triage

Sharing

General

Target

46b241f63384e8e943b1c0ae780eddd0.bin
Size

193KB
Sample

230313-msj9esca31
MD5

d9d8f24eceb86c025bd0f14d8ea467c7
SHA1

a3b8ab706f21dd83fd572ed06af3e6a2ce1e3f62
SHA256

5c2f383ed48b904a6277f2cc49ae81a6399ab15137f2a0a8ab26ab065ca77e95
SHA512

ed18a7f2d04b617f299df4c417e5f162ab845742c19310d27ac8d65c58303dddbad0f53cb5a04a4ed8fde7d3e0599f9c09fc5adc9d96af87cf1c7b48920e3e04
SSDEEP

6144:DrHuixcxJMExDTOGiVqks4vdXXmXdke34aHn:DLGxuExXOPrs8gdN4Sn

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  b14c6093ebf544c55a6f3945db86881c61bf06c5b7cb2017c10ce1ef9480460e.exe
- Size
  
  370KB
- MD5
  
  46b241f63384e8e943b1c0ae780eddd0
- SHA1
  
  710dcabb5da1647d5c8ffcbf0d83122be53361b2
- SHA256
  
  b14c6093ebf544c55a6f3945db86881c61bf06c5b7cb2017c10ce1ef9480460e
- SHA512
  
  8fe6e182b4034691ee431cb7c115f8735698b433dd82183119dee324eb8b2bb69db7aeade6dd7636198f432097e80ec5f1b7eaf716ccf709bb3ea78daed2e8eb
- SSDEEP
  
  6144:AqlASMp5H5Dh6MQFFU+dGAwuFSAfqI7HohOTHC:dlASo5H5D0MkU1oSC7Hoq
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2