4cda9294318176fa939660b79446f70f9110ca9f241be92c6b0d8cc7d2321d95 | Triage

Sharing

General

Target

4cda9294318176fa939660b79446f70f9110ca9f241be92c6b0d8cc7d2321d95
Size

25KB
Sample

231012-qfq3zsde43
MD5

7fc7b67dca3c23b24a5ff3d24d37ba74
SHA1

0c460be79d140930e5c88dbd7a1c96cc8930596e
SHA256

4cda9294318176fa939660b79446f70f9110ca9f241be92c6b0d8cc7d2321d95
SHA512

27ae9dd792cb4cc6f709d30787a2fbf83a15d601f7b67f5211065d4d0440e12e5ab2c8e7b45212c80943c123bb2c3bf7afdbb0d6a240e4238aacb1939ccc462b
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvNV:8Q3LotOPNSQVwVVxGKEvKHrV3

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  4cda9294318176fa939660b79446f70f9110ca9f241be92c6b0d8cc7d2321d95
- Size
  
  25KB
- MD5
  
  7fc7b67dca3c23b24a5ff3d24d37ba74
- SHA1
  
  0c460be79d140930e5c88dbd7a1c96cc8930596e
- SHA256
  
  4cda9294318176fa939660b79446f70f9110ca9f241be92c6b0d8cc7d2321d95
- SHA512
  
  27ae9dd792cb4cc6f709d30787a2fbf83a15d601f7b67f5211065d4d0440e12e5ab2c8e7b45212c80943c123bb2c3bf7afdbb0d6a240e4238aacb1939ccc462b
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvNV:8Q3LotOPNSQVwVVxGKEvKHrV3
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer