6ddff7c536c3f86f1067823ff7298ab6ca32a39f5e5b1dc8cc87a82b938ff260 | Triage

Sharing

General

Target

Legacysurvival.exe
Size

61.8MB
Sample

231022-zlz3hscg2x
MD5

ad1a360bd80604fb0bde1c21df7e25a3
SHA1

05907fac216a0c1c7152af48c4456e0c2362da29
SHA256

6ddff7c536c3f86f1067823ff7298ab6ca32a39f5e5b1dc8cc87a82b938ff260
SHA512

e0a799ea18ef2536d6b94ecd5e860fffd707f0d57b42c3e88baa43d62125164bd60ba0e1c67ef5ec3d405e3bd3871236b6de5bd4171ba44b58e74e3fa2fe829b
SSDEEP

1572864:Lm6UkjGIjlwHhqm421FUE553VO1vXW0H76mlagtJ:C6UkjhqHh+cuEHFORnblagtJ

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Legacysurvival.exe
- Size
  
  61.8MB
- MD5
  
  ad1a360bd80604fb0bde1c21df7e25a3
- SHA1
  
  05907fac216a0c1c7152af48c4456e0c2362da29
- SHA256
  
  6ddff7c536c3f86f1067823ff7298ab6ca32a39f5e5b1dc8cc87a82b938ff260
- SHA512
  
  e0a799ea18ef2536d6b94ecd5e860fffd707f0d57b42c3e88baa43d62125164bd60ba0e1c67ef5ec3d405e3bd3871236b6de5bd4171ba44b58e74e3fa2fe829b
- SSDEEP
  
  1572864:Lm6UkjGIjlwHhqm421FUE553VO1vXW0H76mlagtJ:C6UkjhqHh+cuEHFORnblagtJ
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2