264d781406bc1fdacdd086651e6051e87b87fb8f49734b097da51531e230ced7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_ae7d2ee8b0043029d6f325989304c96e_ryuk
Size

2.2MB
Sample

240425-zwy8zaeh53
MD5

ae7d2ee8b0043029d6f325989304c96e
SHA1

e191e0431732229b8c97b227d878bfcabec8bef3
SHA256

264d781406bc1fdacdd086651e6051e87b87fb8f49734b097da51531e230ced7
SHA512

304ea28217c6128b2ffb71e4202e21b8321917ab8a2905ee1dd18eed8f80eb35629eaaac8222a2649011a66d5496323535f76adcf174f4c9e1dd69d35b525cf7
SSDEEP

24576:POObVw4TaN1wdkukCba4oXtgLhU3wEdmh58DTduSZpUR0GHrVQ1aW4mSOgv3isi:POOh3aN4kuLbegmtGepAHrVQ1/fSNvi

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-04-25_ae7d2ee8b0043029d6f325989304c96e_ryuk
- Size
  
  2.2MB
- MD5
  
  ae7d2ee8b0043029d6f325989304c96e
- SHA1
  
  e191e0431732229b8c97b227d878bfcabec8bef3
- SHA256
  
  264d781406bc1fdacdd086651e6051e87b87fb8f49734b097da51531e230ced7
- SHA512
  
  304ea28217c6128b2ffb71e4202e21b8321917ab8a2905ee1dd18eed8f80eb35629eaaac8222a2649011a66d5496323535f76adcf174f4c9e1dd69d35b525cf7
- SSDEEP
  
  24576:POObVw4TaN1wdkukCba4oXtgLhU3wEdmh58DTduSZpUR0GHrVQ1aW4mSOgv3isi:POOh3aN4kuLbegmtGepAHrVQ1/fSNvi
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2