1d7456676f0ab486a249f583847442337cca3bfc46c4148b14fe52bb25663c85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

471a0a9546307c950bde3c7c4aa66cfd.exe
Size

251KB
Sample

231125-sy6x9sbc39
MD5

471a0a9546307c950bde3c7c4aa66cfd
SHA1

89f0a92b57c354336856b542f74759c72e0d3f64
SHA256

1d7456676f0ab486a249f583847442337cca3bfc46c4148b14fe52bb25663c85
SHA512

b63b3898ccae650be6a434fd8aaa60d72a410c450200aa88f0ae1dd8a4552d16524621e69b58eb2d142ac3cc24454fa5cd8615fb48095c659fb713a7fa191ff7
SSDEEP

3072:5OhqIawV294/k+6IoUKPEqig1om4BW9Vca1CG9UC5Re0PAo:IUby29gkIn1g74U9VFUse

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  471a0a9546307c950bde3c7c4aa66cfd.exe
- Size
  
  251KB
- MD5
  
  471a0a9546307c950bde3c7c4aa66cfd
- SHA1
  
  89f0a92b57c354336856b542f74759c72e0d3f64
- SHA256
  
  1d7456676f0ab486a249f583847442337cca3bfc46c4148b14fe52bb25663c85
- SHA512
  
  b63b3898ccae650be6a434fd8aaa60d72a410c450200aa88f0ae1dd8a4552d16524621e69b58eb2d142ac3cc24454fa5cd8615fb48095c659fb713a7fa191ff7
- SSDEEP
  
  3072:5OhqIawV294/k+6IoUKPEqig1om4BW9Vca1CG9UC5Re0PAo:IUby29gkIn1g74U9VFUse
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2