ff76606adef595abbe1c8282b6777e9d3dbb8201804d5e275501a8d981aad696 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-26_27d8d1c96a461f4798e044b1346e5be1_bkransomware
Size

71KB
Sample

240426-e5kfysaa4y
MD5

27d8d1c96a461f4798e044b1346e5be1
SHA1

2f0280440377616cc58b517e6268a929b8c23db6
SHA256

ff76606adef595abbe1c8282b6777e9d3dbb8201804d5e275501a8d981aad696
SHA512

7e787b3012294c518533995f9e22ad245382a185278bdd84fc1f627ca24d52c6b6c44002e562df52520d8846f55cfea835cd7c2ac78c59e6a67a405342cc8351
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTxf:ZRpAyazIliazTxf

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-26_27d8d1c96a461f4798e044b1346e5be1_bkransomware
- Size
  
  71KB
- MD5
  
  27d8d1c96a461f4798e044b1346e5be1
- SHA1
  
  2f0280440377616cc58b517e6268a929b8c23db6
- SHA256
  
  ff76606adef595abbe1c8282b6777e9d3dbb8201804d5e275501a8d981aad696
- SHA512
  
  7e787b3012294c518533995f9e22ad245382a185278bdd84fc1f627ca24d52c6b6c44002e562df52520d8846f55cfea835cd7c2ac78c59e6a67a405342cc8351
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTxf:ZRpAyazIliazTxf
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer