46c7191a183aa16230a9ed4b704689341fc697a474a826dcda195f35f6566efb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c389aa6bdf41358928bb88352602c2a
Size

780KB
Sample

231225-n2dcxaffgn
MD5

1c389aa6bdf41358928bb88352602c2a
SHA1

81bb2dfd9c438b67471808b6cf7d1636013b4b72
SHA256

46c7191a183aa16230a9ed4b704689341fc697a474a826dcda195f35f6566efb
SHA512

923e48f646aa219f324bc4a3f4681d62eff36edb36eed19b91c17ff4d05122f86e37085999f61243886f15c8b3e8c9bbf9ae6398d9f43d63c97b9f1e27fc7595
SSDEEP

24576:ALe9PSSYoeM+VS1mzeagHnQSGf6o5fgR2GOPt:AQqSbgSEzeaylhml

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  1c389aa6bdf41358928bb88352602c2a
- Size
  
  780KB
- MD5
  
  1c389aa6bdf41358928bb88352602c2a
- SHA1
  
  81bb2dfd9c438b67471808b6cf7d1636013b4b72
- SHA256
  
  46c7191a183aa16230a9ed4b704689341fc697a474a826dcda195f35f6566efb
- SHA512
  
  923e48f646aa219f324bc4a3f4681d62eff36edb36eed19b91c17ff4d05122f86e37085999f61243886f15c8b3e8c9bbf9ae6398d9f43d63c97b9f1e27fc7595
- SSDEEP
  
  24576:ALe9PSSYoeM+VS1mzeagHnQSGf6o5fgR2GOPt:AQqSbgSEzeaylhml
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2