9e57ccd47600e2e5483b7464549bad124f2f529f09ad29a570f4e583a3355968 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d86704134f65f0ebe87032f76864db5a.exe
Size

4.0MB
Sample

230609-k3bc6ace2y
MD5

d86704134f65f0ebe87032f76864db5a
SHA1

4189ddc83b8a369cf73dc3632cb8ed28bfb79eeb
SHA256

9e57ccd47600e2e5483b7464549bad124f2f529f09ad29a570f4e583a3355968
SHA512

db20eb1197e9f81d1dc5a378033dc116547d5a9444ee8679733e3513b7ba60da012550a2b40ce5124145eaaf5077fee169a1eedc19fff388af72dd6e336a94e0
SSDEEP

98304:XJs06Eg5LkheKEdyvea5ZUt9WnZQ+1yzmp8PN:XJq5cdQXCYSpS

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  d86704134f65f0ebe87032f76864db5a.exe
- Size
  
  4.0MB
- MD5
  
  d86704134f65f0ebe87032f76864db5a
- SHA1
  
  4189ddc83b8a369cf73dc3632cb8ed28bfb79eeb
- SHA256
  
  9e57ccd47600e2e5483b7464549bad124f2f529f09ad29a570f4e583a3355968
- SHA512
  
  db20eb1197e9f81d1dc5a378033dc116547d5a9444ee8679733e3513b7ba60da012550a2b40ce5124145eaaf5077fee169a1eedc19fff388af72dd6e336a94e0
- SSDEEP
  
  98304:XJs06Eg5LkheKEdyvea5ZUt9WnZQ+1yzmp8PN:XJq5cdQXCYSpS
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer