1a035dc5b2f5e474e54a529c22586f1ae120280fb428f65fd8c8e2566872a7c2 | Triage

Sharing

General

Target

1a035dc5b2f5e474e54a529c22586f1ae120280fb428f65fd8c8e2566872a7c2
Size

26KB
Sample

231008-z97r9sae54
MD5

f75b1023f8c395e916a6fb1e33843a75
SHA1

83099b12b993dd8d5eeec108f83ee3e25be028a3
SHA256

1a035dc5b2f5e474e54a529c22586f1ae120280fb428f65fd8c8e2566872a7c2
SHA512

7a11d243c535ad3850eb94ee0ac62c0c1f969d2186e665cfe5b4379bf089251849ac55664994d862a2c0ef1fa758bcb9638d1099f8ce3f167ae82fa0a2ceeabb
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvTLK6:8Q3LotOPNSQVwVVxGKEvKHrVTb

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  1a035dc5b2f5e474e54a529c22586f1ae120280fb428f65fd8c8e2566872a7c2
- Size
  
  26KB
- MD5
  
  f75b1023f8c395e916a6fb1e33843a75
- SHA1
  
  83099b12b993dd8d5eeec108f83ee3e25be028a3
- SHA256
  
  1a035dc5b2f5e474e54a529c22586f1ae120280fb428f65fd8c8e2566872a7c2
- SHA512
  
  7a11d243c535ad3850eb94ee0ac62c0c1f969d2186e665cfe5b4379bf089251849ac55664994d862a2c0ef1fa758bcb9638d1099f8ce3f167ae82fa0a2ceeabb
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvTLK6:8Q3LotOPNSQVwVVxGKEvKHrVTb
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer