b4177d3d69f7951f46d07b01204fc749befc81531720de78ab7e75e93db35c58 | Triage

Sharing

General

Target

b4177d3d69f7951f46d07b01204fc749befc81531720de78ab7e75e93db35c58
Size

208KB
Sample

231115-ebryyabf64
MD5

7918013ae55de62f5e108342a464864c
SHA1

8708c49b44c2807ef24687ebd4dc68a1a69b4100
SHA256

b4177d3d69f7951f46d07b01204fc749befc81531720de78ab7e75e93db35c58
SHA512

7c68fe54350bfa412af86383901d8e71a1cca7cc0b803c3a9fc980b66594dd862b0ae6a8909f71a287e40e8b96feb1a86b101bcc9f548b7ddaa8224450d1c9d8
SSDEEP

3072:+W24/2cixIYIXT4f9Nv9+vDgnd3MVdGUmPtV/8zDKlpN4c:+hxIlXTGvY8nd3MVdGUctlmKF

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  b4177d3d69f7951f46d07b01204fc749befc81531720de78ab7e75e93db35c58
- Size
  
  208KB
- MD5
  
  7918013ae55de62f5e108342a464864c
- SHA1
  
  8708c49b44c2807ef24687ebd4dc68a1a69b4100
- SHA256
  
  b4177d3d69f7951f46d07b01204fc749befc81531720de78ab7e75e93db35c58
- SHA512
  
  7c68fe54350bfa412af86383901d8e71a1cca7cc0b803c3a9fc980b66594dd862b0ae6a8909f71a287e40e8b96feb1a86b101bcc9f548b7ddaa8224450d1c9d8
- SSDEEP
  
  3072:+W24/2cixIYIXT4f9Nv9+vDgnd3MVdGUmPtV/8zDKlpN4c:+hxIlXTGvY8nd3MVdGUctlmKF
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer