6b5ea8bb0b493c6f30b98bea9c04c9f63d06caf6e996af037a54ba49954f7f41 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

038cb5649c6e20ccc90c48bc6ad90d34
Size

97KB
Sample

231229-zkc7csafa5
MD5

038cb5649c6e20ccc90c48bc6ad90d34
SHA1

cdc594f0b1132984e881dbafd4d15180b11f7dbd
SHA256

6b5ea8bb0b493c6f30b98bea9c04c9f63d06caf6e996af037a54ba49954f7f41
SHA512

0c969ccae587b3114b3b6fd95dc104e6a59e1dcfb76df0d1b5c0abc0138285f43eb49c9d0babc81eca62f3e6bf79d7e84816eaeb981e3edcc0c6a3b52806391a
SSDEEP

768:zWn5LkI3qY/f9016VY167M1Yn+LvSK0Fos/x8iKNNsIGUzxEFfl3MO192:zK5LkI6YH9uQ+rSKgJGNsILENR8

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  038cb5649c6e20ccc90c48bc6ad90d34
- Size
  
  97KB
- MD5
  
  038cb5649c6e20ccc90c48bc6ad90d34
- SHA1
  
  cdc594f0b1132984e881dbafd4d15180b11f7dbd
- SHA256
  
  6b5ea8bb0b493c6f30b98bea9c04c9f63d06caf6e996af037a54ba49954f7f41
- SHA512
  
  0c969ccae587b3114b3b6fd95dc104e6a59e1dcfb76df0d1b5c0abc0138285f43eb49c9d0babc81eca62f3e6bf79d7e84816eaeb981e3edcc0c6a3b52806391a
- SSDEEP
  
  768:zWn5LkI3qY/f9016VY167M1Yn+LvSK0Fos/x8iKNNsIGUzxEFfl3MO192:zK5LkI6YH9uQ+rSKgJGNsILENR8
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2