01df603943a67851a94d1209250fa4bd4480559a4e4873937d3524841487c9ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01df603943a67851a94d1209250fa4bd4480559a4e4873937d3524841487c9ef
Size

11.6MB
Sample

231008-rpnvnafc24
MD5

b6ae46e1b193509ef02e91e103df34a6
SHA1

8dec2e389d352a3fb16e2b2814353618a22aca81
SHA256

01df603943a67851a94d1209250fa4bd4480559a4e4873937d3524841487c9ef
SHA512

048e93bf83951d4210acf5a8909b3839058a57364b38f5a1fcd74fa09f092a623bd605ec49ff1598f6e95ab307b2daf7478843bf653d6319cd1c15c161018ca1
SSDEEP

196608:vi1zwRsTpygGrnlk+lujziiNfCILxOF6VPU0S3xradfRNdNosRdKv:qNwWT0lk+loLFC6VP5KrcNosK

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  01df603943a67851a94d1209250fa4bd4480559a4e4873937d3524841487c9ef
- Size
  
  11.6MB
- MD5
  
  b6ae46e1b193509ef02e91e103df34a6
- SHA1
  
  8dec2e389d352a3fb16e2b2814353618a22aca81
- SHA256
  
  01df603943a67851a94d1209250fa4bd4480559a4e4873937d3524841487c9ef
- SHA512
  
  048e93bf83951d4210acf5a8909b3839058a57364b38f5a1fcd74fa09f092a623bd605ec49ff1598f6e95ab307b2daf7478843bf653d6319cd1c15c161018ca1
- SSDEEP
  
  196608:vi1zwRsTpygGrnlk+lujziiNfCILxOF6VPU0S3xradfRNdNosRdKv:qNwWT0lk+loLFC6VP5KrcNosK
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer