ea17303f6dc9d21f61d9bb9558ebbe3ebc95f4d612c50fab858e7db2460d7df8 | Triage

Sharing

General

Target

ea17303f6dc9d21f61d9bb9558ebbe3ebc95f4d612c50fab858e7db2460d7df8
Size

25KB
Sample

230831-hykd6add4t
MD5

60f6e8250693d698945a9744a08aea75
SHA1

c5391a4165c1df0686e7d312169c5881904a2bde
SHA256

ea17303f6dc9d21f61d9bb9558ebbe3ebc95f4d612c50fab858e7db2460d7df8
SHA512

e8c353f365d835ee71dda5119cd6ac52f980d1639541a8c44eaf9eca8b2514b8f0af26e3e082c9219afcef63d271d9d03e3c7641608c99820c6a0462f3335e61
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjv/+Vl:8Q3LotOPNSQVwVVxGKEvKHrV2l

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  ea17303f6dc9d21f61d9bb9558ebbe3ebc95f4d612c50fab858e7db2460d7df8
- Size
  
  25KB
- MD5
  
  60f6e8250693d698945a9744a08aea75
- SHA1
  
  c5391a4165c1df0686e7d312169c5881904a2bde
- SHA256
  
  ea17303f6dc9d21f61d9bb9558ebbe3ebc95f4d612c50fab858e7db2460d7df8
- SHA512
  
  e8c353f365d835ee71dda5119cd6ac52f980d1639541a8c44eaf9eca8b2514b8f0af26e3e082c9219afcef63d271d9d03e3c7641608c99820c6a0462f3335e61
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjv/+Vl:8Q3LotOPNSQVwVVxGKEvKHrV2l
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer