60732f115f3952b188c086813848d43f45816f6f723d304ae1e73946e46fc0f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_2f06747e82d7fa6d53e9fa725a7987d1_bkransomware
Size

645KB
Sample

240425-p2p75sah67
MD5

2f06747e82d7fa6d53e9fa725a7987d1
SHA1

b6479815b8d87958da3e0a2c976ba941527b207a
SHA256

60732f115f3952b188c086813848d43f45816f6f723d304ae1e73946e46fc0f7
SHA512

c1985676eedbb54a523a7a684e6a38893685bb7156c5d914c6a273927bbb3d98c4870bad8945f2582435d8769023265c7c7efdc31e49c6b745041bcfd4c77f76
SSDEEP

12288:xC0OAypnqVO2Bq/SKsGRC60ta1DJWr9BbC7JJyLUWg:DOAOYBq/ds2d0ta1DJQgJcE

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-25_2f06747e82d7fa6d53e9fa725a7987d1_bkransomware
- Size
  
  645KB
- MD5
  
  2f06747e82d7fa6d53e9fa725a7987d1
- SHA1
  
  b6479815b8d87958da3e0a2c976ba941527b207a
- SHA256
  
  60732f115f3952b188c086813848d43f45816f6f723d304ae1e73946e46fc0f7
- SHA512
  
  c1985676eedbb54a523a7a684e6a38893685bb7156c5d914c6a273927bbb3d98c4870bad8945f2582435d8769023265c7c7efdc31e49c6b745041bcfd4c77f76
- SSDEEP
  
  12288:xC0OAypnqVO2Bq/SKsGRC60ta1DJWr9BbC7JJyLUWg:DOAOYBq/ds2d0ta1DJQgJcE
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer