e5607794ccbf814d75cf150adfe90f5229a06b743eeadff105b556e28c9c4dce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-07-01--2023-07-15_Transactions.xll
Size

590KB
Sample

230720-nat7cagb44
MD5

bc69853817c0044f100f0c21de56f57a
SHA1

aae77d3c4402043cb6358dafba0228bb110200b9
SHA256

e5607794ccbf814d75cf150adfe90f5229a06b743eeadff105b556e28c9c4dce
SHA512

d464086eeac515bb7b79e715d9c2e54884b6b6f7920dc7c2bc9c0c4a174741d7b2c2848aace5f8e21ca53d78677adc4eee4c222638bb1d702f1919239688d3ff
SSDEEP

6144:+m2GdVpDV1rNUPbZhxj7WohZnxLmB9H283A6zbKsS5ukTP2YmqK5CmPTRqbGL8kD:+I1ExjTLEBk8bzbBSrepPTsONPOm

Score

10^/10

spyware stealer

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  2023-07-01--2023-07-15_Transactions.xll
- Size
  
  590KB
- MD5
  
  bc69853817c0044f100f0c21de56f57a
- SHA1
  
  aae77d3c4402043cb6358dafba0228bb110200b9
- SHA256
  
  e5607794ccbf814d75cf150adfe90f5229a06b743eeadff105b556e28c9c4dce
- SHA512
  
  d464086eeac515bb7b79e715d9c2e54884b6b6f7920dc7c2bc9c0c4a174741d7b2c2848aace5f8e21ca53d78677adc4eee4c222638bb1d702f1919239688d3ff
- SSDEEP
  
  6144:+m2GdVpDV1rNUPbZhxj7WohZnxLmB9H283A6zbKsS5ukTP2YmqK5CmPTRqbGL8kD:+I1ExjTLEBk8bzbBSrepPTsONPOm
Score

10^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2