ea0c1b10a9afebc6743051403a27f5f77e07896d726a77107a11d7f4ad7f2112 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea0c1b10a9afebc6743051403a27f5f77e07896d726a77107a11d7f4ad7f2112
Size

147KB
Sample

230815-mm2lhsac22
MD5

00b535a495d62c234e7368001dfb3673
SHA1

3ec51de07f072893c08b72f22f3621b119a4c502
SHA256

ea0c1b10a9afebc6743051403a27f5f77e07896d726a77107a11d7f4ad7f2112
SHA512

cf6c821e4369c9cf8e51baf81afd8feaf99e21492f0fea743b16b2a52400bae5c34d2bf36924c62f9b9d2ff15cf6559e86dbe7d3fb437bea2b997e8bb91a190e
SSDEEP

1536:2tXuRksrz8GvnGVT/igXrotyFD+ljb6e2s82qjUbb5d6ojOepel5:2JuRR8aYrFob8LjUbb5d6u6

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  ea0c1b10a9afebc6743051403a27f5f77e07896d726a77107a11d7f4ad7f2112
- Size
  
  147KB
- MD5
  
  00b535a495d62c234e7368001dfb3673
- SHA1
  
  3ec51de07f072893c08b72f22f3621b119a4c502
- SHA256
  
  ea0c1b10a9afebc6743051403a27f5f77e07896d726a77107a11d7f4ad7f2112
- SHA512
  
  cf6c821e4369c9cf8e51baf81afd8feaf99e21492f0fea743b16b2a52400bae5c34d2bf36924c62f9b9d2ff15cf6559e86dbe7d3fb437bea2b997e8bb91a190e
- SSDEEP
  
  1536:2tXuRksrz8GvnGVT/igXrotyFD+ljb6e2s82qjUbb5d6ojOepel5:2JuRR8aYrFob8LjUbb5d6u6
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2