ec91714c99319569fa65ea8ee46dc058a72f98c0a7cc215917ee428dd29e3635 | Triage

Sharing

General

Target

3939e69913e68d083490e2e3f8ccc75f
Size

536KB
Sample

231231-rfwtxabaer
MD5

3939e69913e68d083490e2e3f8ccc75f
SHA1

c32912ab11e66af2774f1b3db9457cf25efb9f77
SHA256

ec91714c99319569fa65ea8ee46dc058a72f98c0a7cc215917ee428dd29e3635
SHA512

532c195af87543fc0014ea7881aed1a83ef0a54ef842818ead7013c4d45a381bcc861608f3745e087a1fcbeddc32359a508552608ff0896181d05fa73b0bd934
SSDEEP

12288:1dJ6drg95irMXqgIA0wilXEu992f9Nc+RXLPwaN9Atr87ajbVD1SQ59z:p6V24rMnOXDr6deg7WbVvN

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  3939e69913e68d083490e2e3f8ccc75f
- Size
  
  536KB
- MD5
  
  3939e69913e68d083490e2e3f8ccc75f
- SHA1
  
  c32912ab11e66af2774f1b3db9457cf25efb9f77
- SHA256
  
  ec91714c99319569fa65ea8ee46dc058a72f98c0a7cc215917ee428dd29e3635
- SHA512
  
  532c195af87543fc0014ea7881aed1a83ef0a54ef842818ead7013c4d45a381bcc861608f3745e087a1fcbeddc32359a508552608ff0896181d05fa73b0bd934
- SSDEEP
  
  12288:1dJ6drg95irMXqgIA0wilXEu992f9Nc+RXLPwaN9Atr87ajbVD1SQ59z:p6V24rMnOXDr6deg7WbVvN
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2