acf75904d6a71c6db38dfd9fa712395fab7d0d9f279d6b5dc2ac5785f6a70ecb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pre-alert KFL031321141885. NBOZ78869500.zip
Size

1.4MB
Sample

240109-zhacpabag3
MD5

1cbdcecb1a38e30425aa74051c0cbccb
SHA1

61135840eb1a5a8b8a07381b0e5d96e34fea3eb1
SHA256

acf75904d6a71c6db38dfd9fa712395fab7d0d9f279d6b5dc2ac5785f6a70ecb
SHA512

fc11648fc51b1fa0f17f7108c5f7f85622c06448993fa8aae86d6eb6bfd6c4296b9a5bab66f133b6cf586b9619b7cda91db9a33540b99b1b9159559b4d3f8441
SSDEEP

24576:omqoWYB+XQ8DZQh1NaQptQwKUIhwhDY4Zd0S12rvVfH4:oOZ8DZRStQwiwhDYmqSQzVfH4

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  pre-alert KFL031321141885. NBOZ78869500.bat
- Size
  
  1.8MB
- MD5
  
  2ccb86c5b5b56d4d90745cbad0512c8d
- SHA1
  
  f37d37c48f81d8ab4398f300146362e26464609d
- SHA256
  
  a35c2dfbe713186e716b66c8ca72764344a787e21640d53489094bf00e99f9e9
- SHA512
  
  41147e0cb2a6f69fe4fc2239e1a7d5bcacb1fb8b660ed98bad6b35abfdbd71afcf4bfed8230300dac686c727ccd08b0240267913a96b56b164cbf969ae522287
- SSDEEP
  
  24576:/sshpVsG5zw12wamDPSMFnFG/AwxL+v5jBWfx2ZkUULcA7ZJ3KuqPmk3QTRGxJUc:/9eG4fa2F4MGcgO6R8cx0
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2