33eb404307f39e4eee686aa5c3ede56837998f172148371fb241579fca043803 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06258d3f31456a25ca8e09c14c7e4b50.exe
Size

423KB
Sample

230522-anvs5sda86
MD5

06258d3f31456a25ca8e09c14c7e4b50
SHA1

6283444018de6d2c4fd09e4b43931191ac75d6a4
SHA256

33eb404307f39e4eee686aa5c3ede56837998f172148371fb241579fca043803
SHA512

a134c146e7971717049bb1b6f50fcd280149917097709740e1483d0d116f7be4a2e2e30372272090e127499bf8a4638bcb578a9a1111b01285c1f2dbc1f8a087
SSDEEP

6144:8E69BOLoZY94whiXZcw6tPHQra6KtAC6icxT57eQ:g9IMZY94+ipcw6Vwra6K2Bia1J

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  06258d3f31456a25ca8e09c14c7e4b50.exe
- Size
  
  423KB
- MD5
  
  06258d3f31456a25ca8e09c14c7e4b50
- SHA1
  
  6283444018de6d2c4fd09e4b43931191ac75d6a4
- SHA256
  
  33eb404307f39e4eee686aa5c3ede56837998f172148371fb241579fca043803
- SHA512
  
  a134c146e7971717049bb1b6f50fcd280149917097709740e1483d0d116f7be4a2e2e30372272090e127499bf8a4638bcb578a9a1111b01285c1f2dbc1f8a087
- SSDEEP
  
  6144:8E69BOLoZY94whiXZcw6tPHQra6KtAC6icxT57eQ:g9IMZY94+ipcw6Vwra6K2Bia1J
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer