c18b4d8d2978197528a05fa4767d9814172652166460dfd3156fbe9295477a45 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c18b4d8d2978197528a05fa4767d9814172652166460dfd3156fbe9295477a45
Size

598KB
Sample

231121-ejjmjaca68
MD5

e63f3de2b033781029587c560d27a07e
SHA1

463499f2e1c93ca326b681822efe6c538e7c8b53
SHA256

c18b4d8d2978197528a05fa4767d9814172652166460dfd3156fbe9295477a45
SHA512

1cfb8862f6db278e90f464b61026e7d9f3e0c54c928004f90158fe25ff37499783c564e311993fb11e63e1eadf24026d8f1776390277c13a2dbf243eb5fcf4ed
SSDEEP

12288:kRLeBKq8EPO1tTHIsiajw07vg9hwmB9SsDFi7i0xbLDguPBSU3wXv:kRLekq8YO1rM7wiDM7i0dDguJLg/

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Payment 21.23.11.exe
- Size
  
  618KB
- MD5
  
  693abe87fc901ab02f6b63860c7b1ef3
- SHA1
  
  4b3759229e356b13bef0e1a201b1614f4ec40bd5
- SHA256
  
  c6cf092a8e5bcecbf12f34d791f6c8112c83cbd7c8f1802e4cf5c4a787742f10
- SHA512
  
  ecee1ef3af9aa651ccf23aa2d299e1b779666280291034c507f80fe4e298f1333df7f8c2e03fe56004bdc4a07e3192b39200d5a80c797f4d7b12f6132bfbce7e
- SSDEEP
  
  12288:J7vKq8EzODtTNmseaRw07Hibc9GB9Sqfti9e0eiyavMOUij:J7iq8WODTyUMfo9e0nya6i
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2