a72ed399d50582a119b1750836a259c73f2583c4463399787632c10d3cd0f887 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

_2024.zip
Size

19.0MB
Sample

240228-a77xtafd8w
MD5

58da3330a370aa912d23b1dc924b4cbf
SHA1

29aaf94ca002a2b4357e1727b8323419b2e1c847
SHA256

a72ed399d50582a119b1750836a259c73f2583c4463399787632c10d3cd0f887
SHA512

c275d719467c544cbfa1998fff4ee02e028d9fbe3d9ab1893e26aea156d25d6fb030d549d14809fa3e35b02c9414c5bce7efaa5fea63e353119d9ea1df7118c4
SSDEEP

393216:VpFcFstn07TelOiH7ymIoHTYhTJI54MlxxFUEsT9rtEKQhZYHJMMoNJUS:nFcusyby+HTaAm3QhCHSM0P

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  Language/WinRar.exe
- Size
  
  3.2MB
- MD5
  
  b66dec691784f00061bc43e62030c343
- SHA1
  
  779d947d41efafc2995878e56e213411de8fb4cf
- SHA256
  
  26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
- SHA512
  
  6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
- SSDEEP
  
  98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
Score

1^/10
behavioral1
- Target
  
  Setup.exe
- Size
  
  5.1MB
- MD5
  
  32f13b2f9505a23073f3f38250dca67b
- SHA1
  
  6f9f98809e31b5671ee80df24178671e6bced595
- SHA256
  
  7f9bb109afa88de6f31d4259bf5731ec8234689a187911d48f200ba7ad177338
- SHA512
  
  5e438cf361da443c0862957a504ce24cf9827057f0b5c7c44d317fe9342e79f64ca5312104d4b78029ccf8473d41d1e88c4e085e131e91879e60d09c4d2eabbb
- SSDEEP
  
  98304:zcrl7+1EU9h4YdsnJleXEBc0wDgkch+tA22A6VXrfa06Dni7+xuyM4:zcJ7OhCQ6JQUR5NA6VXra06TvDM
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer