88d3ef5e511ff266f861a9321d145353ed6a7bf253bfb41c11776f7d38174eb5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6eb2357ec8b2fc41a011ac7b6ce31cc0_JC.exe
Size

131KB
Sample

231031-3b5f2ahe47
MD5

6eb2357ec8b2fc41a011ac7b6ce31cc0
SHA1

f585bbd17842680afb895a68c9b0708f60738aa9
SHA256

88d3ef5e511ff266f861a9321d145353ed6a7bf253bfb41c11776f7d38174eb5
SHA512

71aacf87a63193ffe2a1a737a883801f6530567baad7dbf7efd65871f029de302f2d5b7f629c9a7f4babffb0edacbce335a84f846e87844cdb9dd5b2ac05734f
SSDEEP

3072:ZRpAyazIlyazTkyO4tcM0hfiWepJ//bw7:xZMaz8g70qpJ/zq

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  NEAS.6eb2357ec8b2fc41a011ac7b6ce31cc0_JC.exe
- Size
  
  131KB
- MD5
  
  6eb2357ec8b2fc41a011ac7b6ce31cc0
- SHA1
  
  f585bbd17842680afb895a68c9b0708f60738aa9
- SHA256
  
  88d3ef5e511ff266f861a9321d145353ed6a7bf253bfb41c11776f7d38174eb5
- SHA512
  
  71aacf87a63193ffe2a1a737a883801f6530567baad7dbf7efd65871f029de302f2d5b7f629c9a7f4babffb0edacbce335a84f846e87844cdb9dd5b2ac05734f
- SSDEEP
  
  3072:ZRpAyazIlyazTkyO4tcM0hfiWepJ//bw7:xZMaz8g70qpJ/zq
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer