4dd94ed92e97e9c8bf5ebd8e6083c417dfb4ac920a44673e65c88b77fea14ab9 | Triage

Sharing

General

Target

tmp
Size

104KB
Sample

231126-zncd8scd29
MD5

c5bd0fa2752cbc0c8d4cfa13cca7c6c5
SHA1

c65ea236ba263d2d9232915216cd3165bcf3ee65
SHA256

4dd94ed92e97e9c8bf5ebd8e6083c417dfb4ac920a44673e65c88b77fea14ab9
SHA512

8bdcd395ad684219fb2dd0f98ddeb09edd49d8d9fb07e57b75aa4f52aa96d0cc24c2c1e37a8aff69e31135ce1594c52a105ad395cf11567000c934d41451744f
SSDEEP

1536:lRkkOwV5CZrzMldpJOkO5y1rnNzrqknEZlUXQRN:lSktrC52dBO5y5dXm

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  tmp
- Size
  
  104KB
- MD5
  
  c5bd0fa2752cbc0c8d4cfa13cca7c6c5
- SHA1
  
  c65ea236ba263d2d9232915216cd3165bcf3ee65
- SHA256
  
  4dd94ed92e97e9c8bf5ebd8e6083c417dfb4ac920a44673e65c88b77fea14ab9
- SHA512
  
  8bdcd395ad684219fb2dd0f98ddeb09edd49d8d9fb07e57b75aa4f52aa96d0cc24c2c1e37a8aff69e31135ce1594c52a105ad395cf11567000c934d41451744f
- SSDEEP
  
  1536:lRkkOwV5CZrzMldpJOkO5y1rnNzrqknEZlUXQRN:lSktrC52dBO5y5dXm
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2