ce9d756654d78d1a78d4fb528dede195b0029d70af55837b7d9de1d31cf2ba19 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce9d756654d78d1a78d4fb528dede195b0029d70af55837b7d9de1d31cf2ba19
Size

2.8MB
Sample

230827-gtvtnafg93
MD5

0db2f877034eae2d714b3079697a5792
SHA1

918cc48474a409a6455d37a921b39162915d224c
SHA256

ce9d756654d78d1a78d4fb528dede195b0029d70af55837b7d9de1d31cf2ba19
SHA512

4c4062482897b45a5d4b88284504817bea810b2641e830b149409a5d351a37c327f638cd086be61ea81dea8596c7fda9b905ee21715de71fbea77736b222851d
SSDEEP

49152:o6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:1d1XdhBiiMa7

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  ce9d756654d78d1a78d4fb528dede195b0029d70af55837b7d9de1d31cf2ba19
- Size
  
  2.8MB
- MD5
  
  0db2f877034eae2d714b3079697a5792
- SHA1
  
  918cc48474a409a6455d37a921b39162915d224c
- SHA256
  
  ce9d756654d78d1a78d4fb528dede195b0029d70af55837b7d9de1d31cf2ba19
- SHA512
  
  4c4062482897b45a5d4b88284504817bea810b2641e830b149409a5d351a37c327f638cd086be61ea81dea8596c7fda9b905ee21715de71fbea77736b222851d
- SSDEEP
  
  49152:o6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:1d1XdhBiiMa7
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2