368aef862ede5f8112bb0d096a02a17fe0f21c9bf9b6dbe7ff2737a71ea04d28 | Triage

Sharing

General

Target

14031996198.zip
Size

683KB
Sample

240103-zxyzlachd5
MD5

9dd6a959f9f9be6fb692f911ea2381d5
SHA1

30f9b48d8593ac15464aa4651da672ea8dbc78c7
SHA256

368aef862ede5f8112bb0d096a02a17fe0f21c9bf9b6dbe7ff2737a71ea04d28
SHA512

29bf0cd5e087d394d6fd34c641f2c188b30e6814179620aab07bb7170fd188c4aa0687a2df9f48fa618da583b912b477bd819b709fe237c18cab075b0d97c421
SSDEEP

12288:Px6Dwg58x91jiVqGnbL+zjBQLLWgD3ou3QHy50+kLZ2T+5mSm3ZLCHv:Zl1ehL+zj2e+QPVl2JSA0Hv

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  dfe3c14fea77ea02a85f2317ed77f2e2814ce9e6c609404a1a954e22ccb2873c
- Size
  
  1.3MB
- MD5
  
  3f705a7387cf12af6e397b345b09e241
- SHA1
  
  0c0ac5248bcfae2f769d4805347ebb82306c229f
- SHA256
  
  dfe3c14fea77ea02a85f2317ed77f2e2814ce9e6c609404a1a954e22ccb2873c
- SHA512
  
  29cd6f21330423f4f7ab732b70fe60deb587d6c1cf15803bd5d6a5618586a81dd88a1baf2af4655db39180e85533462d2d9335988473b14706102d52181d63a0
- SSDEEP
  
  24576:QTvRhpBjV5A7oL9lbMmaTi1cEWuqpdbfbCuMpc+:QTZhjV20LyacE1qpJjCux+
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2