2887babb96cb05a0a0211a3eab945474e5480915daf4440c7148dcde52095c39 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2887babb96cb05a0a0211a3eab945474e5480915daf4440c7148dcde52095c39
Size

383KB
Sample

231230-vzt17sbacr
MD5

8fb61f1af471b1f38a2092c8c7b2cbbc
SHA1

4f601152e26a2d25ad7fdf444ffa63cf4b822f06
SHA256

2887babb96cb05a0a0211a3eab945474e5480915daf4440c7148dcde52095c39
SHA512

323489289847d01c6b76ba3d7e58278f14f61b966f74243c20a8ed5465db0bc97fcecb17871a8664a5dd7f718c73d6a84da17d34d14570735eafd499989f31ab
SSDEEP

6144:JVHIpxCjeZlMsOE8tffmPUIH0Wi+WsNOz6ArE:JVHCx9ZlMPEYOPUIdoU

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  CRACK NURSULTAN.exe
- Size
  
  200.0MB
- MD5
  
  0bf463e9ad4a0ebdc554bf9b953e361f
- SHA1
  
  e0c007059298763d98bed11b75fabe6b7cea4fb7
- SHA256
  
  e8d0ab9793f38778707f89ebe81a1fb7dd9d6833194e4ca27cf63202c9c27425
- SHA512
  
  a56d42e12a117ee0aced30df5101889ecb885a27106e82134c9d08f24a94ad4c2b4bb39a38a7e340b1019b81644e23db3cf4b69324ee9199087d1894ee6c82a8
- SSDEEP
  
  6144:/a8hZJyCopuRHtw4ujiQz3pqaey3rk2E784NHsX3lPtzPKP+Yp5oD2:3ByFpuP08aey3rk2E784NHMlPcP+3D
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer