780c4a58cf5e190d56894608829eebbd549ed86b75f73bc721ca3f814b4b62fd | Triage

Sharing

General

Target

780c4a58cf5e190d56894608829eebbd549ed86b75f73bc721ca3f814b4b62fd
Size

25KB
Sample

230904-hdj8naeg34
MD5

b8e96c5ff379af2aa1f48d7241395d72
SHA1

4e0f1f6a29d1436a1ad95c23222cec5449893a29
SHA256

780c4a58cf5e190d56894608829eebbd549ed86b75f73bc721ca3f814b4b62fd
SHA512

48cbaf363c0f9eb2d35941048d96317077e5e302cf4be2d6d31ecd47f7ee802651bc200750c5866e82523c6bde1fd0092abcf9b24452ac63c21d5c099648e0c0
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvQ5Xr:8Q3LotOPNSQVwVVxGKEvKHrVQ5Xr

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  780c4a58cf5e190d56894608829eebbd549ed86b75f73bc721ca3f814b4b62fd
- Size
  
  25KB
- MD5
  
  b8e96c5ff379af2aa1f48d7241395d72
- SHA1
  
  4e0f1f6a29d1436a1ad95c23222cec5449893a29
- SHA256
  
  780c4a58cf5e190d56894608829eebbd549ed86b75f73bc721ca3f814b4b62fd
- SHA512
  
  48cbaf363c0f9eb2d35941048d96317077e5e302cf4be2d6d31ecd47f7ee802651bc200750c5866e82523c6bde1fd0092abcf9b24452ac63c21d5c099648e0c0
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvQ5Xr:8Q3LotOPNSQVwVVxGKEvKHrVQ5Xr
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer