605242364c31f7834dfb46fcf6fe772d4a6136a3325f18148722572c4984db32 | Triage

Sharing

General

Target

client.exe
Size

17.6MB
Sample

230414-mekyssah6x
MD5

50942f929b7c394626c38e63c73910e1
SHA1

8e2f9cc3fad9527819b8dad62db16f3fe55a0266
SHA256

605242364c31f7834dfb46fcf6fe772d4a6136a3325f18148722572c4984db32
SHA512

f465190ad5e7c932ffc5a2f9f5eee76d88d3c27d7dde7e3588556fc2c832aaeffb097b0bc8d8fee38cb819a6694d10960fedab5e97d0a04129fb077a2477d45b
SSDEEP

393216:ULKkVFymGxPcJe43wCquRC3aVf5VVuoeBEzszivyj+/fmB:UOkVovPNO0qVRakPfs

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  client.exe
- Size
  
  17.6MB
- MD5
  
  50942f929b7c394626c38e63c73910e1
- SHA1
  
  8e2f9cc3fad9527819b8dad62db16f3fe55a0266
- SHA256
  
  605242364c31f7834dfb46fcf6fe772d4a6136a3325f18148722572c4984db32
- SHA512
  
  f465190ad5e7c932ffc5a2f9f5eee76d88d3c27d7dde7e3588556fc2c832aaeffb097b0bc8d8fee38cb819a6694d10960fedab5e97d0a04129fb077a2477d45b
- SSDEEP
  
  393216:ULKkVFymGxPcJe43wCquRC3aVf5VVuoeBEzszivyj+/fmB:UOkVovPNO0qVRakPfs
Score

7^/10

spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1