117997909896e79ac09f81a7ff9611bc153762a45cb15f1fb06ac9e0be1c7558 | Triage

Sharing

General

Target

710785459d065a7e822861764ec36480.bin
Size

1.2MB
Sample

231103-cgs23scd83
MD5

1bc36d452c7c8c98b87a6edc9fd74bd7
SHA1

a833ab51a0b47d3f6140280d5e64a803d808f163
SHA256

117997909896e79ac09f81a7ff9611bc153762a45cb15f1fb06ac9e0be1c7558
SHA512

4ac995ac636d5d0a6663c397050b9e4252a35a6b00e58b552ffbf9dd2ab6898676748efebc3d1702a21bc11bd276791515132d377e47c78b7a5891915a47ef24
SSDEEP

24576:ZY4mEhVFkhftgThcyggqtLorY2oZ087PbvYG1byYq5kkWsSR/imCAG62:S4FlkrgCNy5CrDYGFyJjoqvAx2

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe
- Size
  
  1.7MB
- MD5
  
  710785459d065a7e822861764ec36480
- SHA1
  
  d7d641f65e380e71f13dd04a6a37c903b532fb32
- SHA256
  
  e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d
- SHA512
  
  7fc4596b4cc119c9f939d4577e54c788dccd3c9aa84d8bfcd8dde14ee22da8b525b5c06201c045634e346444c78bf923c5e203e88af7717fac80178f52f7fa45
- SSDEEP
  
  24576:TV+UOwZmL/nvlkykFlTrAEdghT0WUQ2YUhOxiq2p7j4jNyXpcHLYiSHdX3Ra/KhV:TXZnl3AEyRV2YUIxPsDnI/wM2
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer