50cbd84110cd04577e725f91053187d6a628ac145bbb95688b05cee6fc4fafd7 | Triage

Sharing

General

Target

39b0c28917cde0d967dfb9c4a4d330d0
Size

36KB
Sample

231231-rqkjmadegl
MD5

39b0c28917cde0d967dfb9c4a4d330d0
SHA1

6a4c166f3dcc19107b029b51f3fd7c137af7af7e
SHA256

50cbd84110cd04577e725f91053187d6a628ac145bbb95688b05cee6fc4fafd7
SHA512

ba26e3e06ea01bee7ac182fa164a7cdfc860590cdcd055ecd196440a085d22b618a561b255f9b54be5c05c6d35d3f7435b5859609c77b785d5dfda3fd4481a4b
SSDEEP

384:/ThCPkepDT6x0121Uc4rcGgiB7bwCrp/Ovw5ITvmPWvvDWSyWN:/F+kepkmrcDIbwCrRITvmPWTRZ

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  39b0c28917cde0d967dfb9c4a4d330d0
- Size
  
  36KB
- MD5
  
  39b0c28917cde0d967dfb9c4a4d330d0
- SHA1
  
  6a4c166f3dcc19107b029b51f3fd7c137af7af7e
- SHA256
  
  50cbd84110cd04577e725f91053187d6a628ac145bbb95688b05cee6fc4fafd7
- SHA512
  
  ba26e3e06ea01bee7ac182fa164a7cdfc860590cdcd055ecd196440a085d22b618a561b255f9b54be5c05c6d35d3f7435b5859609c77b785d5dfda3fd4481a4b
- SSDEEP
  
  384:/ThCPkepDT6x0121Uc4rcGgiB7bwCrp/Ovw5ITvmPWvvDWSyWN:/F+kepkmrcDIbwCrRITvmPWTRZ
Score

8^/10

persistence spyware stealer
- Sets file execution options in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer