661d036ec473b61d9f8352a84550bfbb034e78480ea7d10bf26b187be97925a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aec064bff32cd9eb96bfd5a60e2fdae2_JC.exe
Size

279KB
Sample

231012-1gv4fade63
MD5

aec064bff32cd9eb96bfd5a60e2fdae2
SHA1

da5ad736369ca84f3181a4aa170f4c8e6ac4f477
SHA256

661d036ec473b61d9f8352a84550bfbb034e78480ea7d10bf26b187be97925a3
SHA512

70cbadd3a994779b95c558e52698da4d9b9d973ace65b63e68083f3938ed21af9d647a36585c93c671aa447e776d82ffdeed906f2854a9c63d192ce75dd70ea6
SSDEEP

6144:dXC4vgmhbIxs3NBB9i+Gg3W8lKpI9ffX0XOuM+SLcI:dXCNi9BO+Gg3W8U2VfXMIcI

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  aec064bff32cd9eb96bfd5a60e2fdae2_JC.exe
- Size
  
  279KB
- MD5
  
  aec064bff32cd9eb96bfd5a60e2fdae2
- SHA1
  
  da5ad736369ca84f3181a4aa170f4c8e6ac4f477
- SHA256
  
  661d036ec473b61d9f8352a84550bfbb034e78480ea7d10bf26b187be97925a3
- SHA512
  
  70cbadd3a994779b95c558e52698da4d9b9d973ace65b63e68083f3938ed21af9d647a36585c93c671aa447e776d82ffdeed906f2854a9c63d192ce75dd70ea6
- SSDEEP
  
  6144:dXC4vgmhbIxs3NBB9i+Gg3W8lKpI9ffX0XOuM+SLcI:dXCNi9BO+Gg3W8U2VfXMIcI
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer