fcdee2cf79eaf19e606c077ea5f5b3244976f8d595a5650da18448fa05a78e02 | Triage

Sharing

General

Target

2024-04-25_86a2089f6fe1947051453c55fdc3e99c_bkransomware
Size

71KB
Sample

240425-eya9psfc7z
MD5

86a2089f6fe1947051453c55fdc3e99c
SHA1

129ffd88c09da22faf46e572936e402f9c7ee22c
SHA256

fcdee2cf79eaf19e606c077ea5f5b3244976f8d595a5650da18448fa05a78e02
SHA512

9fefdea9157186d25315ea0a2f22c7ef691bddf3a04b6e71102c07175e82f4d0436c848e98d03eb77002a2c72d1a026306fbb62aaa80db60a23b3820f1b4a0cb
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTp:ZhpAyazIlyazTp

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-25_86a2089f6fe1947051453c55fdc3e99c_bkransomware
- Size
  
  71KB
- MD5
  
  86a2089f6fe1947051453c55fdc3e99c
- SHA1
  
  129ffd88c09da22faf46e572936e402f9c7ee22c
- SHA256
  
  fcdee2cf79eaf19e606c077ea5f5b3244976f8d595a5650da18448fa05a78e02
- SHA512
  
  9fefdea9157186d25315ea0a2f22c7ef691bddf3a04b6e71102c07175e82f4d0436c848e98d03eb77002a2c72d1a026306fbb62aaa80db60a23b3820f1b4a0cb
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTp:ZhpAyazIlyazTp
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer