e90e778e03fdd92a511f91cea11a5257d8b8536f40ab6dae9875ef1863911aa7 | Triage

Sharing

General

Target

2da7bf9746285b9afeab2254c225a9ee
Size

60KB
Sample

231225-t35rfahhc2
MD5

2da7bf9746285b9afeab2254c225a9ee
SHA1

e0fab53965e2d5df57e1139cb6b87f3391126095
SHA256

e90e778e03fdd92a511f91cea11a5257d8b8536f40ab6dae9875ef1863911aa7
SHA512

184f48b144b86a2aeda9edbc7492acd4c34a87c76c530ad04e44e3d83f018cd42c52c51c6fe03ec1a3fb509ebb4826db90bb5de42d99fb786f7fcade1470ab2e
SSDEEP

768:/24GjjRzPyI6TfDarzerws8FJd/f0ElsL9KyeVKgKhvS7XFZBs9MvO:jGfRzn8DuOHM/f0OsAye9cS7XS98O

Score

10^/10

persistence spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
killerxknight

Targets

- Target
  
  2da7bf9746285b9afeab2254c225a9ee
- Size
  
  60KB
- MD5
  
  2da7bf9746285b9afeab2254c225a9ee
- SHA1
  
  e0fab53965e2d5df57e1139cb6b87f3391126095
- SHA256
  
  e90e778e03fdd92a511f91cea11a5257d8b8536f40ab6dae9875ef1863911aa7
- SHA512
  
  184f48b144b86a2aeda9edbc7492acd4c34a87c76c530ad04e44e3d83f018cd42c52c51c6fe03ec1a3fb509ebb4826db90bb5de42d99fb786f7fcade1470ab2e
- SSDEEP
  
  768:/24GjjRzPyI6TfDarzerws8FJd/f0ElsL9KyeVKgKhvS7XFZBs9MvO:jGfRzn8DuOHM/f0OsAye9cS7XS98O
Score

10^/10

persistence spyware stealer
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer