47fc9dea2f8929d09064e15cfd57108b8f3bd2d7395b4dfb31eb014825cb66b5 | Triage

Sharing

General

Target

4ebe4626592eb1e8818ccffb88cd6501
Size

399KB
Sample

240109-tf3zbsfaa2
MD5

4ebe4626592eb1e8818ccffb88cd6501
SHA1

cd0ce02332305777ea503f6a0ee58e4111f86726
SHA256

47fc9dea2f8929d09064e15cfd57108b8f3bd2d7395b4dfb31eb014825cb66b5
SHA512

7d6be4789f1854e746d2824559ef57a856026935ae033717ebaa2ad12124249c6f81b69b499b3df1094c7075382064d85834f54fd9ad4dec3f95d0a06d1b2e23
SSDEEP

6144:qPkOHYsKNzX5y0Hy0e9z5Un5XXJ1lKquyrJHeCCC64Qkf:qPklysX5CWHDf

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  4ebe4626592eb1e8818ccffb88cd6501
- Size
  
  399KB
- MD5
  
  4ebe4626592eb1e8818ccffb88cd6501
- SHA1
  
  cd0ce02332305777ea503f6a0ee58e4111f86726
- SHA256
  
  47fc9dea2f8929d09064e15cfd57108b8f3bd2d7395b4dfb31eb014825cb66b5
- SHA512
  
  7d6be4789f1854e746d2824559ef57a856026935ae033717ebaa2ad12124249c6f81b69b499b3df1094c7075382064d85834f54fd9ad4dec3f95d0a06d1b2e23
- SSDEEP
  
  6144:qPkOHYsKNzX5y0Hy0e9z5Un5XXJ1lKquyrJHeCCC64Qkf:qPklysX5CWHDf
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer