ee426002bc8cbdf883e09fdc595e5f2b3f3ba24a8d0d7db8d6cea925468fdc20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ec53e702b8bb3c3da7ceceb14c501bf
Size

661KB
Sample

240204-k6tc5sgceq
MD5

8ec53e702b8bb3c3da7ceceb14c501bf
SHA1

767656206195737252e8f11bd062e00e8577bc1f
SHA256

ee426002bc8cbdf883e09fdc595e5f2b3f3ba24a8d0d7db8d6cea925468fdc20
SHA512

baea150f7e370d53fc4d0b2bf607c549a221ced2b80c1937c635dfe7ef34db74ab7ab9d0288dfc9941789c062ec53a9afc5fa88b9d10dea944d73145b117632b
SSDEEP

12288:dyBC7gUC/h3fKp10rOHjIHvrIWEaPAudPXdAze5WZvIiPFMnDlLSwb37+y3l9C8z:m1/h3fKpOrpHviOVdPXdAze5WZQiKLtT

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  8ec53e702b8bb3c3da7ceceb14c501bf
- Size
  
  661KB
- MD5
  
  8ec53e702b8bb3c3da7ceceb14c501bf
- SHA1
  
  767656206195737252e8f11bd062e00e8577bc1f
- SHA256
  
  ee426002bc8cbdf883e09fdc595e5f2b3f3ba24a8d0d7db8d6cea925468fdc20
- SHA512
  
  baea150f7e370d53fc4d0b2bf607c549a221ced2b80c1937c635dfe7ef34db74ab7ab9d0288dfc9941789c062ec53a9afc5fa88b9d10dea944d73145b117632b
- SSDEEP
  
  12288:dyBC7gUC/h3fKp10rOHjIHvrIWEaPAudPXdAze5WZvIiPFMnDlLSwb37+y3l9C8z:m1/h3fKpOrpHviOVdPXdAze5WZQiKLtT
Score

7^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer