636cd57e68d6fcedff87bf195e1d8e4bafa94f80bb16f9288358f0d7790de41c | Triage

Sharing

General

Target

636cd57e68d6fcedff87bf195e1d8e4bafa94f80bb16f9288358f0d7790de41c
Size

26KB
Sample

231008-z8wzdaae44
MD5

5361642dc7ff47872beccac34327aba7
SHA1

563fede7361b8cf49f11dac4ac13c7c4e35b4807
SHA256

636cd57e68d6fcedff87bf195e1d8e4bafa94f80bb16f9288358f0d7790de41c
SHA512

06c44c71f6d7603aa182ee64980b3da09366c3288aec6de47f80e3743c379280faed17fc9d8d7c3c0def84106f926ef9f9db0163ffb249d8d9cbfe23e66a3962
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvO:8Q3LotOPNSQVwVVxGKEvKHrVO

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  636cd57e68d6fcedff87bf195e1d8e4bafa94f80bb16f9288358f0d7790de41c
- Size
  
  26KB
- MD5
  
  5361642dc7ff47872beccac34327aba7
- SHA1
  
  563fede7361b8cf49f11dac4ac13c7c4e35b4807
- SHA256
  
  636cd57e68d6fcedff87bf195e1d8e4bafa94f80bb16f9288358f0d7790de41c
- SHA512
  
  06c44c71f6d7603aa182ee64980b3da09366c3288aec6de47f80e3743c379280faed17fc9d8d7c3c0def84106f926ef9f9db0163ffb249d8d9cbfe23e66a3962
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvO:8Q3LotOPNSQVwVVxGKEvKHrVO
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer