f10ae8278080ab1748d8e114ce5a0a499a9016b55993a83e65c40a7dc40d258f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ddae517813533ff8cfb81a1187fcb6d0.exe
Size

734KB
Sample

231116-1t7yrshd8v
MD5

ddae517813533ff8cfb81a1187fcb6d0
SHA1

3e9d0bcab5d94967d5adcfe00a45f46052fe9a9a
SHA256

f10ae8278080ab1748d8e114ce5a0a499a9016b55993a83e65c40a7dc40d258f
SHA512

93c7eaed105d56a78c34d50ef2d1f27de0602271e3d4009d3036cee4c5e48c74bdd34a1d177e220ce42fb4e721839d4efe964b6d30fc6c66e356ed8c8d1bf87d
SSDEEP

12288:UxazIxzq/TymWfc/vQMeBDajRIO3iSw1+oKJt:Uxazszq/TymWfc/IMYciSw1jKJt

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  NEAS.ddae517813533ff8cfb81a1187fcb6d0.exe
- Size
  
  734KB
- MD5
  
  ddae517813533ff8cfb81a1187fcb6d0
- SHA1
  
  3e9d0bcab5d94967d5adcfe00a45f46052fe9a9a
- SHA256
  
  f10ae8278080ab1748d8e114ce5a0a499a9016b55993a83e65c40a7dc40d258f
- SHA512
  
  93c7eaed105d56a78c34d50ef2d1f27de0602271e3d4009d3036cee4c5e48c74bdd34a1d177e220ce42fb4e721839d4efe964b6d30fc6c66e356ed8c8d1bf87d
- SSDEEP
  
  12288:UxazIxzq/TymWfc/vQMeBDajRIO3iSw1+oKJt:Uxazszq/TymWfc/IMYciSw1jKJt
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2