5b80c730ab1b5c846be147f226a97299f0fa5898d01bf6453d054e425b285396 | Triage

Sharing

General

Target

5b80c730ab1b5c846be147f226a97299f0fa5898d01bf6453d054e425b285396
Size

4.9MB
Sample

240426-h3f8asbe45
MD5

f901967a06ab5123fc87e606be0b1616
SHA1

894cc947c7b32e20c6ffaeb6fb8ef7c4a923bf44
SHA256

5b80c730ab1b5c846be147f226a97299f0fa5898d01bf6453d054e425b285396
SHA512

0981a2fa6cdbb7b0e35a6a7376cea6b059c0b431e49bea61565d4a27c56689b78194b7a22211b84547543ef2ddb0267229759f34c0a23ac39db39a940e003312
SSDEEP

49152:aEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Nn9tJEUxDG0BYYrLA50IHLGff:QAI5pAdVrn9tbnR1VgBVmt

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  5b80c730ab1b5c846be147f226a97299f0fa5898d01bf6453d054e425b285396
- Size
  
  4.9MB
- MD5
  
  f901967a06ab5123fc87e606be0b1616
- SHA1
  
  894cc947c7b32e20c6ffaeb6fb8ef7c4a923bf44
- SHA256
  
  5b80c730ab1b5c846be147f226a97299f0fa5898d01bf6453d054e425b285396
- SHA512
  
  0981a2fa6cdbb7b0e35a6a7376cea6b059c0b431e49bea61565d4a27c56689b78194b7a22211b84547543ef2ddb0267229759f34c0a23ac39db39a940e003312
- SSDEEP
  
  49152:aEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Nn9tJEUxDG0BYYrLA50IHLGff:QAI5pAdVrn9tbnR1VgBVmt
Score

7^/10

spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2