e5c85df9a9b6f84f76c64b41c07a4f52f16a373eae80c713765a5cf43ced3e8d | Triage

Sharing

General

Target

e5c85df9a9b6f84f76c64b41c07a4f52f16a373eae80c713765a5cf43ced3e8d
Size

6.3MB
Sample

240410-r2fptabe27
MD5

a36d41f2e8210c0da3814b8e9a15500d
SHA1

e3fba49fd246e3580bca587982a0f9ee820a582d
SHA256

e5c85df9a9b6f84f76c64b41c07a4f52f16a373eae80c713765a5cf43ced3e8d
SHA512

66d27c8d3fe43ffd0e3d10b70a6e9fdbf8ccc7d22efd0db98d7113330d85653f6d25a347dc9030f114322ba0cb348c0580ca96fdf7cdfc2873e43eaba1d51b79
SSDEEP

98304:HyBEvyd0JkMzAo/Tsl03kxD7EhHwwsrfYbQa8vCMTXeXgAg:S0JkMzAo/Th0xD7Kts0t8vLX5Ag

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  e5c85df9a9b6f84f76c64b41c07a4f52f16a373eae80c713765a5cf43ced3e8d
- Size
  
  6.3MB
- MD5
  
  a36d41f2e8210c0da3814b8e9a15500d
- SHA1
  
  e3fba49fd246e3580bca587982a0f9ee820a582d
- SHA256
  
  e5c85df9a9b6f84f76c64b41c07a4f52f16a373eae80c713765a5cf43ced3e8d
- SHA512
  
  66d27c8d3fe43ffd0e3d10b70a6e9fdbf8ccc7d22efd0db98d7113330d85653f6d25a347dc9030f114322ba0cb348c0580ca96fdf7cdfc2873e43eaba1d51b79
- SSDEEP
  
  98304:HyBEvyd0JkMzAo/Tsl03kxD7EhHwwsrfYbQa8vCMTXeXgAg:S0JkMzAo/Th0xD7Kts0t8vLX5Ag
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2