2422c3ebad57a729337a745cca090549ad512a0696753ee85754b158e4d8b84c | Triage

Resubmissions

05-06-2023 09:01

230605-kzbvhsgb2v 7

04-06-2023 22:35

230604-2h5vpsea34 7

Sharing

General

Target

Setup.exe
Size

63.9MB
Sample

230604-2h5vpsea34
MD5

fcda63e4a0f20055e4bb2e95e4671366
SHA1

cfbdc3812a9fdd378f2af7a5c0ec07199d6257ff
SHA256

2422c3ebad57a729337a745cca090549ad512a0696753ee85754b158e4d8b84c
SHA512

5f5d262e25a124d13029b4f38f9212c62928d6926605371a442a3b2c509a0ec69c8155af1901ec852beeab6cb5c8ab5dbf2b113be952ef32f3783222ca7cbd56
SSDEEP

1572864:GjddrbWj4Lrn3/mx+LeHP79ZN7ER0H93h2X+l:6fWjQrn3K2wPJr6O5CI

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  63.9MB
- MD5
  
  fcda63e4a0f20055e4bb2e95e4671366
- SHA1
  
  cfbdc3812a9fdd378f2af7a5c0ec07199d6257ff
- SHA256
  
  2422c3ebad57a729337a745cca090549ad512a0696753ee85754b158e4d8b84c
- SHA512
  
  5f5d262e25a124d13029b4f38f9212c62928d6926605371a442a3b2c509a0ec69c8155af1901ec852beeab6cb5c8ab5dbf2b113be952ef32f3783222ca7cbd56
- SSDEEP
  
  1572864:GjddrbWj4Lrn3/mx+LeHP79ZN7ER0H93h2X+l:6fWjQrn3K2wPJr6O5CI
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2