4fa67b74231f1e0e1d09d7e8c63d4332595effc2761b9779cb381b9769a48fed | Triage

Sharing

General

Target

NEAS.08abe5dca7bdaf7be5ee635b64a5e4d0_JC.exe
Size

487KB
Sample

231011-txhdysbg87
MD5

08abe5dca7bdaf7be5ee635b64a5e4d0
SHA1

4ad4be48e71788e4cb9aa781f1445116029fa8f0
SHA256

4fa67b74231f1e0e1d09d7e8c63d4332595effc2761b9779cb381b9769a48fed
SHA512

b2d9b4cd15ae41e73c91e72e5b1b745f41504235e3776cf362b4967799f9b5a4a86717b1aa6cee0666fb15acc9a01463719731a4fbf8d218e0df3a615825e300
SSDEEP

6144:dMeftb6+Imb285B+zv0AtfwN+IhMdrOVfnPUQDW0/tCB6tPCUBejJL0KiNeLbpca:Octbhb2IB+3tI+sOCtAUBULlTnpcaP

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  NEAS.08abe5dca7bdaf7be5ee635b64a5e4d0_JC.exe
- Size
  
  487KB
- MD5
  
  08abe5dca7bdaf7be5ee635b64a5e4d0
- SHA1
  
  4ad4be48e71788e4cb9aa781f1445116029fa8f0
- SHA256
  
  4fa67b74231f1e0e1d09d7e8c63d4332595effc2761b9779cb381b9769a48fed
- SHA512
  
  b2d9b4cd15ae41e73c91e72e5b1b745f41504235e3776cf362b4967799f9b5a4a86717b1aa6cee0666fb15acc9a01463719731a4fbf8d218e0df3a615825e300
- SSDEEP
  
  6144:dMeftb6+Imb285B+zv0AtfwN+IhMdrOVfnPUQDW0/tCB6tPCUBejJL0KiNeLbpca:Octbhb2IB+3tI+sOCtAUBULlTnpcaP
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2