c580eaf3eea342256f20b770ac7b885588592f284a669bc07b2a02047fadac96 | Triage

Sharing

General

Target

Sales Shopify.rar
Size

9.3MB
Sample

230724-flt2qaae2y
MD5

e18f4cb9c7423eeb73987a7262ed09f1
SHA1

0d00955ba66b84ed4e325b49937713ab375208c1
SHA256

c580eaf3eea342256f20b770ac7b885588592f284a669bc07b2a02047fadac96
SHA512

4cb69ce51a470396e14d476ac00516c99eb373500e21fe89e782e2fbf22addb812b71090860aa79bbbb31d014295aefa22719926068da3ad55300ad8a79e2022
SSDEEP

196608:Hv0sO9ukSzC+2NzZyrIQgmjXDB1vH/pztlhy247bhLmWX4m4zfkX:q4h52NqgmjX91vBtlU24fUtm4zfkX

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Sales Shopify.bat
- Size
  
  12.0MB
- MD5
  
  006d8814fe9e642ecb24e0185c55d533
- SHA1
  
  3bd1949b7602aa253d4fca6af46a7c90daf5dc12
- SHA256
  
  bb1b201537a114b5de2bc8a8fe53564cd1962caa319b67015a43b27439184572
- SHA512
  
  4d6b02d0d23e058ff4cd8c08545251260264cb7f2429d8b3b7a34e9897e5fdf65ec4ed63a27f821d2613d4d2c7274e57c92fd9c9368c8dc3e9253ec5fad73f03
- SSDEEP
  
  49152:KiPwNeY4zGtQ+EabUYPp5Af3GMDbA4w3Po779gQVb+dm/xXUmH0y3QbtXVq2Bdk5:5
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2