86251a7f3672bb32477a89d21eab79979fa8eb69a8daa2cde5757e9e63122b1e | Triage

Sharing

General

Target

86251a7f3672bb32477a89d21eab79979fa8eb69a8daa2cde5757e9e63122b1e
Size

25KB
Sample

231011-2z644aaf4z
MD5

29afbc2fd7a154c6137f6caa2a57e818
SHA1

e442fd8112231e2dd02b008bf89fe8d07a1ba558
SHA256

86251a7f3672bb32477a89d21eab79979fa8eb69a8daa2cde5757e9e63122b1e
SHA512

a879121d52711c4c84d5dc1330864e120f2a8e74eead130d6d8e95ae7eb59ba805c9f9f94e57cd7c955b9c008e4a4b6f9f9d21913fa17a99af50456cfeadbcd3
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvb:8Q3LotOPNSQVwVVxGKEvKHrVb

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  86251a7f3672bb32477a89d21eab79979fa8eb69a8daa2cde5757e9e63122b1e
- Size
  
  25KB
- MD5
  
  29afbc2fd7a154c6137f6caa2a57e818
- SHA1
  
  e442fd8112231e2dd02b008bf89fe8d07a1ba558
- SHA256
  
  86251a7f3672bb32477a89d21eab79979fa8eb69a8daa2cde5757e9e63122b1e
- SHA512
  
  a879121d52711c4c84d5dc1330864e120f2a8e74eead130d6d8e95ae7eb59ba805c9f9f94e57cd7c955b9c008e4a4b6f9f9d21913fa17a99af50456cfeadbcd3
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvb:8Q3LotOPNSQVwVVxGKEvKHrVb
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer