e9d7f880c55e4ff1a92ef18202c0ccb100ec1ad78b4bd70bdf35e73194001262 | Triage

Sharing

General

Target

NEAS.286e189a042ae13f6434632038336880_JC.exe
Size

25KB
Sample

231021-xvkcbaag29
MD5

286e189a042ae13f6434632038336880
SHA1

91feb2b9ba6282d3031516375496dd170fa2ccf3
SHA256

e9d7f880c55e4ff1a92ef18202c0ccb100ec1ad78b4bd70bdf35e73194001262
SHA512

718f518e762421a16ff86a31be5a9ff75b2026f5f60a362d439a5b2c1b070821f157c6254186353492956b38112f0aa6896f82ff84fb731383992c623137ac4f
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvD:8Q3LotOPNSQVwVVxGKEvKHrVD

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  NEAS.286e189a042ae13f6434632038336880_JC.exe
- Size
  
  25KB
- MD5
  
  286e189a042ae13f6434632038336880
- SHA1
  
  91feb2b9ba6282d3031516375496dd170fa2ccf3
- SHA256
  
  e9d7f880c55e4ff1a92ef18202c0ccb100ec1ad78b4bd70bdf35e73194001262
- SHA512
  
  718f518e762421a16ff86a31be5a9ff75b2026f5f60a362d439a5b2c1b070821f157c6254186353492956b38112f0aa6896f82ff84fb731383992c623137ac4f
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvD:8Q3LotOPNSQVwVVxGKEvKHrVD
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer