40f7e0aef84f756727f474217c97823017e57bd4e4bbd13989387bd20fb06b83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c2c4b447fdf4f7ddb6199e765c50d01
Size

38KB
Sample

240101-hncassgba6
MD5

3c2c4b447fdf4f7ddb6199e765c50d01
SHA1

e678cf26d311591c7652a546a700fa9d11aa6d19
SHA256

40f7e0aef84f756727f474217c97823017e57bd4e4bbd13989387bd20fb06b83
SHA512

d8691fd32c085bd0e980fe2e6d63658f6b5f779af8e763297fb64b5d77fbd78631e251c6aab8b853109b53482f489f710c98a0707ea81de85fb061c8d73c57ff
SSDEEP

768:WiliAnUQYkYKzqbjC5RqHjrYReyZx+l0oKriCPRDLwYsKl4qnr:1Ssz6jGeyZx+l0TRIYsKldnr

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  3c2c4b447fdf4f7ddb6199e765c50d01
- Size
  
  38KB
- MD5
  
  3c2c4b447fdf4f7ddb6199e765c50d01
- SHA1
  
  e678cf26d311591c7652a546a700fa9d11aa6d19
- SHA256
  
  40f7e0aef84f756727f474217c97823017e57bd4e4bbd13989387bd20fb06b83
- SHA512
  
  d8691fd32c085bd0e980fe2e6d63658f6b5f779af8e763297fb64b5d77fbd78631e251c6aab8b853109b53482f489f710c98a0707ea81de85fb061c8d73c57ff
- SSDEEP
  
  768:WiliAnUQYkYKzqbjC5RqHjrYReyZx+l0oKriCPRDLwYsKl4qnr:1Ssz6jGeyZx+l0TRIYsKldnr
Score

7^/10

persistence spyware stealer
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealer