dcb68118ff92ef68102267b971bffaa30e3f2fad4ae70a2e9bb8cec676df7ca6 | Triage

Resubmissions

26-08-2023 17:24

230826-vyq8xscc57 7

26-08-2023 17:20

230826-vwsnzaea6z 7

Sharing

General

Target

PROVIDING ALL THE SAID DOCUMENTS.IMG
Size

1.5MB
Sample

230826-vyq8xscc57
MD5

b8771b151db76473932c3596062ec6ad
SHA1

b4515467cea6b6ab165566d258966c0d1a42a14d
SHA256

dcb68118ff92ef68102267b971bffaa30e3f2fad4ae70a2e9bb8cec676df7ca6
SHA512

645aca0ece7372433bfbab4d422cdb94d4efe5841de4dd940d72793b011ec27c9bddaca3c02dfbe695ccde0c45f5f08883b284056ea6c22786a277254514072c
SSDEEP

24576:zLLFoXm8uCm/0gzIKoudoQw2bsGtAXl4X:/LFoDuj/nEKJsnl4X

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  PROVIDIN.BAT
- Size
  
  941KB
- MD5
  
  44e614f87ec86a7bf36c4e9e6255c69c
- SHA1
  
  5be290a0d38ee0082edad7f8b2a63eaa06ae4d05
- SHA256
  
  98cb4451f1bd561121d0ca74d5a114f7ed0b78dd82a748638b2b3c6eec741cf5
- SHA512
  
  bbdcdba3ca8ce9b801c517dfbfeb25c80fb97107694a4c26592e62f680cb50061ac772f509ff02c177adf465447ed2889f4114c10743d59327291c8ad0bd245c
- SSDEEP
  
  24576:LLLFoXm8uCm/0gzIKoudoQw2bsGtAXl4XH:nLFoDuj/nEKJsnl4XH
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2