0bfe6aeb1c0b5ae25c0e499021bb5eb7659fb2209dcdb6a9dc5269e3da934f20 | Triage

Sharing

General

Target

0bfe6aeb1c0b5ae25c0e499021bb5eb7659fb2209dcdb6a9dc5269e3da934f20
Size

2.6MB
Sample

230820-zfl9gaah3t
MD5

2b492ae3cd690ae4ca6bdd4a3640967c
SHA1

aabf45b7e168a259deda293c29de3459d3fd470c
SHA256

0bfe6aeb1c0b5ae25c0e499021bb5eb7659fb2209dcdb6a9dc5269e3da934f20
SHA512

ba7cf8def5517933612f337d632d9e582e19a837c791646114a26a5246a854dcab27ae440cd8e2f42cfbba90f41cac954d43cac9b7a31c36717ad8a08228ceef
SSDEEP

24576:+A8vyrepIND/0bfSPdaYpRFoFpR+h+8fEvdDrGnrdEROGHOhdYiWdCMJ5QxlpYCi:+A81IJPVgKEvdDqnroHOwiW0MbQxJHO

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  0bfe6aeb1c0b5ae25c0e499021bb5eb7659fb2209dcdb6a9dc5269e3da934f20
- Size
  
  2.6MB
- MD5
  
  2b492ae3cd690ae4ca6bdd4a3640967c
- SHA1
  
  aabf45b7e168a259deda293c29de3459d3fd470c
- SHA256
  
  0bfe6aeb1c0b5ae25c0e499021bb5eb7659fb2209dcdb6a9dc5269e3da934f20
- SHA512
  
  ba7cf8def5517933612f337d632d9e582e19a837c791646114a26a5246a854dcab27ae440cd8e2f42cfbba90f41cac954d43cac9b7a31c36717ad8a08228ceef
- SSDEEP
  
  24576:+A8vyrepIND/0bfSPdaYpRFoFpR+h+8fEvdDrGnrdEROGHOhdYiWdCMJ5QxlpYCi:+A81IJPVgKEvdDqnroHOwiW0MbQxJHO
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2