edbb1cb5812cee9dac3122d4b963d5a65bbd6a83eb94bfd3382f3a2b40ccf2b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0219dcefa1185a321209802f2406fc00_JC.exe
Size

110KB
Sample

231014-llzj4abg4y
MD5

0219dcefa1185a321209802f2406fc00
SHA1

acf20d39edeba2f358f8517d4e1220f5f6d536f6
SHA256

edbb1cb5812cee9dac3122d4b963d5a65bbd6a83eb94bfd3382f3a2b40ccf2b4
SHA512

aeaf80245ca91c0cb5047842d2ef4c4862ce0b9eeccf286e94add13cc92a84c9c5150f5399a38d4b56ab2ed6e373ead934c2aadbba476267690d99ca75a934e5
SSDEEP

3072:45I0KUk3X+H/W4A2X59rC4XFBfFUKybHvR:4K0bSX+c2zrCKBfFUKAZ

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  NEAS.0219dcefa1185a321209802f2406fc00_JC.exe
- Size
  
  110KB
- MD5
  
  0219dcefa1185a321209802f2406fc00
- SHA1
  
  acf20d39edeba2f358f8517d4e1220f5f6d536f6
- SHA256
  
  edbb1cb5812cee9dac3122d4b963d5a65bbd6a83eb94bfd3382f3a2b40ccf2b4
- SHA512
  
  aeaf80245ca91c0cb5047842d2ef4c4862ce0b9eeccf286e94add13cc92a84c9c5150f5399a38d4b56ab2ed6e373ead934c2aadbba476267690d99ca75a934e5
- SSDEEP
  
  3072:45I0KUk3X+H/W4A2X59rC4XFBfFUKybHvR:4K0bSX+c2zrCKBfFUKAZ
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer