ba6a22f053b732abc46187fcc608a314a5664a749c2ca4445e76ecb7e4dcafe9 | Triage

Sharing

General

Target

2024-04-26_0fd8797ebb7774ad520d7c0265c21f19_bkransomware
Size

74KB
Sample

240426-arma6sgd85
MD5

0fd8797ebb7774ad520d7c0265c21f19
SHA1

f2aeeb2ba435ab96e76ee57074bae928210fbde7
SHA256

ba6a22f053b732abc46187fcc608a314a5664a749c2ca4445e76ecb7e4dcafe9
SHA512

8283fb0f32a19708ab1ad54059254ce5c79be484624ed178e550bbb9e5968ed3c00d2a83369e54a1d45da084abd068413e038ada7317b41fbb11a7b6b44da5ee
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTeo2x:ZRpAyazIliazTeo2x

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-26_0fd8797ebb7774ad520d7c0265c21f19_bkransomware
- Size
  
  74KB
- MD5
  
  0fd8797ebb7774ad520d7c0265c21f19
- SHA1
  
  f2aeeb2ba435ab96e76ee57074bae928210fbde7
- SHA256
  
  ba6a22f053b732abc46187fcc608a314a5664a749c2ca4445e76ecb7e4dcafe9
- SHA512
  
  8283fb0f32a19708ab1ad54059254ce5c79be484624ed178e550bbb9e5968ed3c00d2a83369e54a1d45da084abd068413e038ada7317b41fbb11a7b6b44da5ee
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTeo2x:ZRpAyazIliazTeo2x
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer