d7a7148cdc505caccc77e11d444a278a47b6b10c9378bcf2a78d937bd2d42b25 | Triage

Sharing

General

Target

c04fddfaab6b879a25b036980a34908e
Size

138KB
Sample

240311-l269wafg69
MD5

c04fddfaab6b879a25b036980a34908e
SHA1

b6692c046c120a1aa3c058ba2bdbf92a82dae451
SHA256

d7a7148cdc505caccc77e11d444a278a47b6b10c9378bcf2a78d937bd2d42b25
SHA512

f1b64b24f50d0370aa04cde3494d14623aba72329b13e1d28d3138b518fdf753c82f091a704b362f4242c488e849d21d62ed7271c66f6169975a1188937a1b96
SSDEEP

3072:/caqyte6QMV77snHLLxtYOxyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONm2:/caBtz77snHRqY7PNNW4IxZ7zbC0rONX

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  c04fddfaab6b879a25b036980a34908e
- Size
  
  138KB
- MD5
  
  c04fddfaab6b879a25b036980a34908e
- SHA1
  
  b6692c046c120a1aa3c058ba2bdbf92a82dae451
- SHA256
  
  d7a7148cdc505caccc77e11d444a278a47b6b10c9378bcf2a78d937bd2d42b25
- SHA512
  
  f1b64b24f50d0370aa04cde3494d14623aba72329b13e1d28d3138b518fdf753c82f091a704b362f4242c488e849d21d62ed7271c66f6169975a1188937a1b96
- SSDEEP
  
  3072:/caqyte6QMV77snHLLxtYOxyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONm2:/caBtz77snHRqY7PNNW4IxZ7zbC0rONX
Score

7^/10

persistence spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2