581ca67c48b59e28fbbdc761a03ee3e432143004ef1f3c3ac2e29a3e93c6c95a | Triage

Sharing

General

Target

581ca67c48b59e28fbbdc761a03ee3e432143004ef1f3c3ac2e29a3e93c6c95a
Size

25KB
Sample

231012-jvp1xahg49
MD5

f162634a063241ae0205327011c98543
SHA1

b5981dc6420a55db8eaf35d3e9fb9e744038bec5
SHA256

581ca67c48b59e28fbbdc761a03ee3e432143004ef1f3c3ac2e29a3e93c6c95a
SHA512

13abca6b97ee1a37abb3a5888a5728d5063445dc9aa42674b6a89345a324afd512e07f8686f6a8afd4aed14464e44071fd6f180da88433bd4a27d583a7af4e02
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvvcG:8Q3LotOPNSQVwVVxGKEvKHrVvR

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  581ca67c48b59e28fbbdc761a03ee3e432143004ef1f3c3ac2e29a3e93c6c95a
- Size
  
  25KB
- MD5
  
  f162634a063241ae0205327011c98543
- SHA1
  
  b5981dc6420a55db8eaf35d3e9fb9e744038bec5
- SHA256
  
  581ca67c48b59e28fbbdc761a03ee3e432143004ef1f3c3ac2e29a3e93c6c95a
- SHA512
  
  13abca6b97ee1a37abb3a5888a5728d5063445dc9aa42674b6a89345a324afd512e07f8686f6a8afd4aed14464e44071fd6f180da88433bd4a27d583a7af4e02
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvvcG:8Q3LotOPNSQVwVVxGKEvKHrVvR
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer