aa06f9712e5468f9df30cd124b2f26d9d5a3f2eb46fa23af594ced8b7c69322f | Triage

Sharing

General

Target

aa06f9712e5468f9df30cd124b2f26d9d5a3f2eb46fa23af594ced8b7c69322f.exe
Size

416KB
Sample

231010-qcmldsff44
MD5

82114dfe88bcc2f83faf00cb8bef998b
SHA1

a68c7e580774b489937ca9510bed20a2af5b2f35
SHA256

aa06f9712e5468f9df30cd124b2f26d9d5a3f2eb46fa23af594ced8b7c69322f
SHA512

1fb0d58cd2545d6d9d40c0772a6ee223c11e33c327c8e65e0636558e06fa2f04ac70c4c3b0a00df99f22146889cb28f4d5d764a1b5a6428d3143838e0953b2b5
SSDEEP

12288:PYUObZYMG+yTIFRXzWq49tmG+jZmvA5Vapysf:PYUAY+b149tmkA5Vaj

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  aa06f9712e5468f9df30cd124b2f26d9d5a3f2eb46fa23af594ced8b7c69322f.exe
- Size
  
  416KB
- MD5
  
  82114dfe88bcc2f83faf00cb8bef998b
- SHA1
  
  a68c7e580774b489937ca9510bed20a2af5b2f35
- SHA256
  
  aa06f9712e5468f9df30cd124b2f26d9d5a3f2eb46fa23af594ced8b7c69322f
- SHA512
  
  1fb0d58cd2545d6d9d40c0772a6ee223c11e33c327c8e65e0636558e06fa2f04ac70c4c3b0a00df99f22146889cb28f4d5d764a1b5a6428d3143838e0953b2b5
- SSDEEP
  
  12288:PYUObZYMG+yTIFRXzWq49tmG+jZmvA5Vapysf:PYUAY+b149tmkA5Vaj
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2