dc4742f4d45ff37791d4942f369174a5f7ea3f173a2e1d1123796db40b9ab8e1 | Triage

Sharing

General

Target

b8d978255f05eef8050128bf16353c72
Size

276KB
Sample

240307-qsyctsdd6t
MD5

b8d978255f05eef8050128bf16353c72
SHA1

9841c125bae2bd118ff3fe2776eb8698524d1c35
SHA256

dc4742f4d45ff37791d4942f369174a5f7ea3f173a2e1d1123796db40b9ab8e1
SHA512

19b21f4221372d09b6de766823fc1e5109e224418c22bc4ba5a7fcbe7e5595da142cd59f856cbe4afb03233efd11a6b555f26d27cde06e0af933f96fe7aad11d
SSDEEP

3072:JbFOnG8petVVSmlydHXb7MP9Ui1s3n3y1Ux58EFu/ZJTCYBd1+tvMrN4kKJiGXP:FFAGvVSk6r7MFI3yGx88/kSP

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  b8d978255f05eef8050128bf16353c72
- Size
  
  276KB
- MD5
  
  b8d978255f05eef8050128bf16353c72
- SHA1
  
  9841c125bae2bd118ff3fe2776eb8698524d1c35
- SHA256
  
  dc4742f4d45ff37791d4942f369174a5f7ea3f173a2e1d1123796db40b9ab8e1
- SHA512
  
  19b21f4221372d09b6de766823fc1e5109e224418c22bc4ba5a7fcbe7e5595da142cd59f856cbe4afb03233efd11a6b555f26d27cde06e0af933f96fe7aad11d
- SSDEEP
  
  3072:JbFOnG8petVVSmlydHXb7MP9Ui1s3n3y1Ux58EFu/ZJTCYBd1+tvMrN4kKJiGXP:FFAGvVSk6r7MFI3yGx88/kSP
Score

7^/10

persistence spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2