53e00a4184accd0427b110d614ca18eeb37de902a4c6d2782cfb1f2302f78ada | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25acb3c8a3c63f1a8831cf1ae31d8522.exe
Size

290KB
Sample

230604-ld6y7scc9y
MD5

25acb3c8a3c63f1a8831cf1ae31d8522
SHA1

0b1770768ff7369835b9c17f50c8982e8183f177
SHA256

53e00a4184accd0427b110d614ca18eeb37de902a4c6d2782cfb1f2302f78ada
SHA512

3df60e18d967f1a0601a86a97687cca0471b6834a960ac91e99724b6122ccdb57ab5ad99f1396ce52b39a2d1eda2aff24ecbca4d018b1427175fbd8e4a7f9938
SSDEEP

6144:ZkVt6M3Wtd6sdjWtJ/KFvtp7zkIe6iPZQLHd:WXjWt3djlH1+ZQ7

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  25acb3c8a3c63f1a8831cf1ae31d8522.exe
- Size
  
  290KB
- MD5
  
  25acb3c8a3c63f1a8831cf1ae31d8522
- SHA1
  
  0b1770768ff7369835b9c17f50c8982e8183f177
- SHA256
  
  53e00a4184accd0427b110d614ca18eeb37de902a4c6d2782cfb1f2302f78ada
- SHA512
  
  3df60e18d967f1a0601a86a97687cca0471b6834a960ac91e99724b6122ccdb57ab5ad99f1396ce52b39a2d1eda2aff24ecbca4d018b1427175fbd8e4a7f9938
- SSDEEP
  
  6144:ZkVt6M3Wtd6sdjWtJ/KFvtp7zkIe6iPZQLHd:WXjWt3djlH1+ZQ7
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer