2e94caf4b8ed5123aa497acb4e53b9a547f802a36414d33788f67a162c85581f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

066f962ec772759fde69f197ff7cc6c5
Size

48KB
Sample

231225-flbkdabbhp
MD5

066f962ec772759fde69f197ff7cc6c5
SHA1

aed043ebe570980388eb4a16e8cb3237ee78a413
SHA256

2e94caf4b8ed5123aa497acb4e53b9a547f802a36414d33788f67a162c85581f
SHA512

e59342735ae8c5c55070ae5d017c100a084dda6e8f281b5d760a57ac0e733f38a9af3731df2d094c8435baf1ebcaa8eb9a4e53a178fc7dc598174979a28a1281
SSDEEP

384:NlARnrXK6AgI77wKfZgde9WRR7jhXQhgfvAFUMyZycj1VrnCaCqnrBD74n6IAgIT:fgK6i8b0WRRJX1IUj7j1dtCqrRc6Ii8

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  066f962ec772759fde69f197ff7cc6c5
- Size
  
  48KB
- MD5
  
  066f962ec772759fde69f197ff7cc6c5
- SHA1
  
  aed043ebe570980388eb4a16e8cb3237ee78a413
- SHA256
  
  2e94caf4b8ed5123aa497acb4e53b9a547f802a36414d33788f67a162c85581f
- SHA512
  
  e59342735ae8c5c55070ae5d017c100a084dda6e8f281b5d760a57ac0e733f38a9af3731df2d094c8435baf1ebcaa8eb9a4e53a178fc7dc598174979a28a1281
- SSDEEP
  
  384:NlARnrXK6AgI77wKfZgde9WRR7jhXQhgfvAFUMyZycj1VrnCaCqnrBD74n6IAgIT:fgK6i8b0WRRJX1IUj7j1dtCqrRc6Ii8
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2