a864949e6950a004c8d22eb8cc4865713848041684ff4f20894420af57c77d79 | Triage

Sharing

General

Target

2024-04-09_5fc7e4dd053a48a3490e3f31d3befb6b_ryuk
Size

5.5MB
Sample

240409-e6vcjseg85
MD5

5fc7e4dd053a48a3490e3f31d3befb6b
SHA1

4df64413b449f37372e11a4b2b1045b932b25153
SHA256

a864949e6950a004c8d22eb8cc4865713848041684ff4f20894420af57c77d79
SHA512

17190405b321178973c0db0b976a32dd7850700ec7e7b4fcc8a0079600f902429825d0d3d427ae3eeb69fb422cd9932914543a4c99a7832cdd7196e1c25aabed
SSDEEP

98304:7AI5pAdVJn9tbnR1VgBVmF70uMhSBrkNq:7AsCh7XYOIoQ

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-04-09_5fc7e4dd053a48a3490e3f31d3befb6b_ryuk
- Size
  
  5.5MB
- MD5
  
  5fc7e4dd053a48a3490e3f31d3befb6b
- SHA1
  
  4df64413b449f37372e11a4b2b1045b932b25153
- SHA256
  
  a864949e6950a004c8d22eb8cc4865713848041684ff4f20894420af57c77d79
- SHA512
  
  17190405b321178973c0db0b976a32dd7850700ec7e7b4fcc8a0079600f902429825d0d3d427ae3eeb69fb422cd9932914543a4c99a7832cdd7196e1c25aabed
- SSDEEP
  
  98304:7AI5pAdVJn9tbnR1VgBVmF70uMhSBrkNq:7AsCh7XYOIoQ
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2