a6f9ee100615c19f719355bb96b381b92825a3d7fc23aa05e9f8d441a095ebdb | Triage

Sharing

General

Target

a6f9ee100615c19f719355bb96b381b92825a3d7fc23aa05e9f8d441a095ebdb
Size

25KB
Sample

230921-x78wfaaa9w
MD5

ad9ff7aa64eda319128bece3a71f0ca5
SHA1

89b60f90496140c988ed805e68871a3b96936725
SHA256

a6f9ee100615c19f719355bb96b381b92825a3d7fc23aa05e9f8d441a095ebdb
SHA512

3a4e859e1ecf3cff44c8ccf0c554769a21cf5a6d4863e7456d934db82a42051d983233a4a2a90a5af3ed0b233ce3686936b64ed6696bc45484e69a41f0a767e7
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvB:8Q3LotOPNSQVwVVxGKEvKHrVB

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  a6f9ee100615c19f719355bb96b381b92825a3d7fc23aa05e9f8d441a095ebdb
- Size
  
  25KB
- MD5
  
  ad9ff7aa64eda319128bece3a71f0ca5
- SHA1
  
  89b60f90496140c988ed805e68871a3b96936725
- SHA256
  
  a6f9ee100615c19f719355bb96b381b92825a3d7fc23aa05e9f8d441a095ebdb
- SHA512
  
  3a4e859e1ecf3cff44c8ccf0c554769a21cf5a6d4863e7456d934db82a42051d983233a4a2a90a5af3ed0b233ce3686936b64ed6696bc45484e69a41f0a767e7
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvB:8Q3LotOPNSQVwVVxGKEvKHrVB
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer