203bab70447719f21986236d9aeefad9debdbd06138730cafcef3ddca875923c | Triage

Resubmissions

15/04/2023, 23:14

230415-27643ahf8v 7

15/04/2023, 23:10

230415-25r75aga99 7

Sharing

Copy URL Twitter E-mail

General

Target

qu054385.exe
Size

486KB
Sample

230415-27643ahf8v
MD5

7e24b1dedf139385183e7841ed78992f
SHA1

8e3bc5f7dda5847f97d5a7a61d7d98b0dbc9cba2
SHA256

203bab70447719f21986236d9aeefad9debdbd06138730cafcef3ddca875923c
SHA512

d4c01ee175481ecd3daf84c7b36fae7649bf9c60c58fb50b2cf9d65b0674d6d9c9665369229457013b4a1b406e6e7884756ca50293905d3e3808b748b6afa4c5
SSDEEP

6144:RExY2MieE1vFfQ4SbhDGPTUvmYE3SgmdiyiUjdvZblKwe4:REy2MieE1NfQ4SbhSIvDdPbh5lKt4

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  qu054385.exe
- Size
  
  486KB
- MD5
  
  7e24b1dedf139385183e7841ed78992f
- SHA1
  
  8e3bc5f7dda5847f97d5a7a61d7d98b0dbc9cba2
- SHA256
  
  203bab70447719f21986236d9aeefad9debdbd06138730cafcef3ddca875923c
- SHA512
  
  d4c01ee175481ecd3daf84c7b36fae7649bf9c60c58fb50b2cf9d65b0674d6d9c9665369229457013b4a1b406e6e7884756ca50293905d3e3808b748b6afa4c5
- SSDEEP
  
  6144:RExY2MieE1vFfQ4SbhDGPTUvmYE3SgmdiyiUjdvZblKwe4:REy2MieE1NfQ4SbhSIvDdPbh5lKt4
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer