e4e5b72bee35b9fd1c0ed72bfaecf915f58b6c81aa28c9f929b92d08de1a20b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a86f2bffe2d3605e477ce3c7ea540dd0.exe
Size

89KB
Sample

231013-zcklgade9z
MD5

a86f2bffe2d3605e477ce3c7ea540dd0
SHA1

ff4cc91ef5dc70ac7e97bee9e195cd7ff62a2057
SHA256

e4e5b72bee35b9fd1c0ed72bfaecf915f58b6c81aa28c9f929b92d08de1a20b1
SHA512

412a40fe708e238602b0eecedfafd5dcd4f288fd408ced7d072cabf81133b8b3f3b95b7d0403fb640c963f0fdef3de8f2ddc869fa420c69ff825d366004cfae3
SSDEEP

1536:P3FPfM/GXvKLVCYggD5CKC4lu+2eX+NwCVvDI47xMAaEStfHBpCHcTp6:vFU+XvKLVCY39IKi+6DJ9fHStfhp0

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  NEAS.a86f2bffe2d3605e477ce3c7ea540dd0.exe
- Size
  
  89KB
- MD5
  
  a86f2bffe2d3605e477ce3c7ea540dd0
- SHA1
  
  ff4cc91ef5dc70ac7e97bee9e195cd7ff62a2057
- SHA256
  
  e4e5b72bee35b9fd1c0ed72bfaecf915f58b6c81aa28c9f929b92d08de1a20b1
- SHA512
  
  412a40fe708e238602b0eecedfafd5dcd4f288fd408ced7d072cabf81133b8b3f3b95b7d0403fb640c963f0fdef3de8f2ddc869fa420c69ff825d366004cfae3
- SSDEEP
  
  1536:P3FPfM/GXvKLVCYggD5CKC4lu+2eX+NwCVvDI47xMAaEStfHBpCHcTp6:vFU+XvKLVCY39IKi+6DJ9fHStfhp0
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer