746d3f266a1d6c17fd484a741cad28bb0578e63d235abefb6f949b90a1108a96 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63dbdf9801348b5c64e40a82079513bb.exe
Size

946KB
Sample

230803-js9mjacb29
MD5

63dbdf9801348b5c64e40a82079513bb
SHA1

9dc98beaa5776f9288aeccc42bf7472c354f6b01
SHA256

746d3f266a1d6c17fd484a741cad28bb0578e63d235abefb6f949b90a1108a96
SHA512

669de3d25350ea678b6f222437b855f01346eea165a7f354d5057e0b998b9c0e5c1b01c5fd6bd7a81270256f31f254a136e72610c500f371b8af84b00d3ce8dc
SSDEEP

12288:ZEKaJo0mJfggmcGNZ8SuXx9iS9fYb7alHx6T7cm6dOxF/syH2/DMCR+:Lr/mcGNZeXrZ1mcMT7x6gF72/Df+

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  63dbdf9801348b5c64e40a82079513bb.exe
- Size
  
  946KB
- MD5
  
  63dbdf9801348b5c64e40a82079513bb
- SHA1
  
  9dc98beaa5776f9288aeccc42bf7472c354f6b01
- SHA256
  
  746d3f266a1d6c17fd484a741cad28bb0578e63d235abefb6f949b90a1108a96
- SHA512
  
  669de3d25350ea678b6f222437b855f01346eea165a7f354d5057e0b998b9c0e5c1b01c5fd6bd7a81270256f31f254a136e72610c500f371b8af84b00d3ce8dc
- SSDEEP
  
  12288:ZEKaJo0mJfggmcGNZ8SuXx9iS9fYb7alHx6T7cm6dOxF/syH2/DMCR+:Lr/mcGNZeXrZ1mcMT7x6gF72/Df+
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2