570e362ecfb9319eb2074f0bae1060c83d87e056050b42a98b19d33d0d56ac83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

570e362ecfb9319eb2074f0bae1060c83d87e056050b42a98b19d33d0d56ac83
Size

3.1MB
Sample

240420-17mvrabd35
MD5

1c58d557f64cca11e9b13a362a895bc6
SHA1

8e8d84f395046a928b951fcdff61c8a3476221e8
SHA256

570e362ecfb9319eb2074f0bae1060c83d87e056050b42a98b19d33d0d56ac83
SHA512

8e7941b0ac97ab47b371d4eed63273c893ee33ed3735bfbbac6b627a53738d145074d704aa97432a07c344aebfc444461871d8df930c353d254599b59e7da586
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBIB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUp/bVz8eLFc

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  570e362ecfb9319eb2074f0bae1060c83d87e056050b42a98b19d33d0d56ac83
- Size
  
  3.1MB
- MD5
  
  1c58d557f64cca11e9b13a362a895bc6
- SHA1
  
  8e8d84f395046a928b951fcdff61c8a3476221e8
- SHA256
  
  570e362ecfb9319eb2074f0bae1060c83d87e056050b42a98b19d33d0d56ac83
- SHA512
  
  8e7941b0ac97ab47b371d4eed63273c893ee33ed3735bfbbac6b627a53738d145074d704aa97432a07c344aebfc444461871d8df930c353d254599b59e7da586
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBIB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUp/bVz8eLFc
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer