0e1306f694ca7e35a66a8b21e676aa484b77a8e11a9d6af3484ef4726735838a | Triage

Sharing

General

Target

0e1306f694ca7e35a66a8b21e676aa484b77a8e11a9d6af3484ef4726735838a
Size

288KB
Sample

240311-xpbg8abd7y
MD5

9a834fcec7d8026e801eb99ad8a94f05
SHA1

5105fd7ccfbdf4ca3c29c9eaa5ee2032499d7057
SHA256

0e1306f694ca7e35a66a8b21e676aa484b77a8e11a9d6af3484ef4726735838a
SHA512

bf667ff2d98fda12928288d6c12c70324fd0f47dea26be699e8abbe27cce7f4585d449caf89a6ebac4ea41d1173c2d245152770993fff8c3e02c3974740c46a2
SSDEEP

6144:xZ8az2mu1wPj7i6NTCmQZv5EbkHv0q81SHRjqGhc8r:xC02odQZv5xHmSHR+ER

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  0e1306f694ca7e35a66a8b21e676aa484b77a8e11a9d6af3484ef4726735838a
- Size
  
  288KB
- MD5
  
  9a834fcec7d8026e801eb99ad8a94f05
- SHA1
  
  5105fd7ccfbdf4ca3c29c9eaa5ee2032499d7057
- SHA256
  
  0e1306f694ca7e35a66a8b21e676aa484b77a8e11a9d6af3484ef4726735838a
- SHA512
  
  bf667ff2d98fda12928288d6c12c70324fd0f47dea26be699e8abbe27cce7f4585d449caf89a6ebac4ea41d1173c2d245152770993fff8c3e02c3974740c46a2
- SSDEEP
  
  6144:xZ8az2mu1wPj7i6NTCmQZv5EbkHv0q81SHRjqGhc8r:xC02odQZv5xHmSHR+ER
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer