735c4fc3e20904b714e8dac759688b85c2977c9f91f34cb59b02508f10c0f6b1 | Triage

Sharing

General

Target

7ef132e7f263c6bb51d0db08fb884566
Size

3.4MB
Sample

240129-fkzktaaef2
MD5

7ef132e7f263c6bb51d0db08fb884566
SHA1

17646560355825c3c68db13200cd90b9be7fae27
SHA256

735c4fc3e20904b714e8dac759688b85c2977c9f91f34cb59b02508f10c0f6b1
SHA512

ede839d60e12ac4777c297185b2013b688e0092ae1cb5eed08ee6e500b490a9600cbdccbb6e167584dec5c234f3a54d6f96b23f7a5cdfd2093d2bf78b24a33b3
SSDEEP

98304:YRS6nfSOQZOt+CW+7EELhF3gxpNOf2k2Y/i5:Ykj8NBFwxpNOuk2L

Score

8^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  7ef132e7f263c6bb51d0db08fb884566
- Size
  
  3.4MB
- MD5
  
  7ef132e7f263c6bb51d0db08fb884566
- SHA1
  
  17646560355825c3c68db13200cd90b9be7fae27
- SHA256
  
  735c4fc3e20904b714e8dac759688b85c2977c9f91f34cb59b02508f10c0f6b1
- SHA512
  
  ede839d60e12ac4777c297185b2013b688e0092ae1cb5eed08ee6e500b490a9600cbdccbb6e167584dec5c234f3a54d6f96b23f7a5cdfd2093d2bf78b24a33b3
- SSDEEP
  
  98304:YRS6nfSOQZOt+CW+7EELhF3gxpNOf2k2Y/i5:Ykj8NBFwxpNOuk2L
Score

8^/10

evasion spyware stealer
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2