3c9b77945679f3f763de4d052fbea195fb61b654175d62b88d7bfbc17f38fefb | Triage

Sharing

General

Target

3c9b77945679f3f763de4d052fbea195fb61b654175d62b88d7bfbc17f38fefb
Size

2.1MB
Sample

240107-3vae1ahfb9
MD5

7b6e1adf588ce77419920593970292fb
SHA1

ed1631a3aad6c0def2fff981826c11efcbed1621
SHA256

3c9b77945679f3f763de4d052fbea195fb61b654175d62b88d7bfbc17f38fefb
SHA512

d5a48d92b4ee9651b5adf64e4aa677f7907312bb1d8311446e442de3b75f52368bb58bc2a93b70cdfaf90afd101d40a011c4e4ae31f23551786cedd679435f8c
SSDEEP

49152:KwwLUbowEOvygS7/1sHOqJ02nTPFdRPqxMai9jDkqXfd+/9ALp/GDdv:KwwLUcwti78OqJ7TPB9jDkqXf0FOp/gd

Score

8^/10

collection persistence spyware stealer

Malware Config

Targets

- Target
  
  3c9b77945679f3f763de4d052fbea195fb61b654175d62b88d7bfbc17f38fefb
- Size
  
  2.1MB
- MD5
  
  7b6e1adf588ce77419920593970292fb
- SHA1
  
  ed1631a3aad6c0def2fff981826c11efcbed1621
- SHA256
  
  3c9b77945679f3f763de4d052fbea195fb61b654175d62b88d7bfbc17f38fefb
- SHA512
  
  d5a48d92b4ee9651b5adf64e4aa677f7907312bb1d8311446e442de3b75f52368bb58bc2a93b70cdfaf90afd101d40a011c4e4ae31f23551786cedd679435f8c
- SSDEEP
  
  49152:KwwLUbowEOvygS7/1sHOqJ02nTPFdRPqxMai9jDkqXfd+/9ALp/GDdv:KwwLUcwti78OqJ7TPB9jDkqXf0FOp/gd
Score

8^/10

persistence spyware stealer collection
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

collectionpersistencespywarestealer