8bc3c6335312cffc802a2c23940ad7c31b2644eae80d82abe72bc98cd2c793db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-26_8e444c9805131808b5eeb8f9831ba00b_bkransomware
Size

71KB
Sample

240426-kcww6scg2t
MD5

8e444c9805131808b5eeb8f9831ba00b
SHA1

983e8e9a1d2071b8b9e3b5319008f344f4f910d6
SHA256

8bc3c6335312cffc802a2c23940ad7c31b2644eae80d82abe72bc98cd2c793db
SHA512

bc968cc8506f175ca46f6f0633b3e15e25c547360c95ebe383a782cdc20da59b372edd16b91065f9f0a131d7a9a9ea5318e168c0911fc445dd80b52305d3376f
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTI:ZRpAyazIliazTI

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-26_8e444c9805131808b5eeb8f9831ba00b_bkransomware
- Size
  
  71KB
- MD5
  
  8e444c9805131808b5eeb8f9831ba00b
- SHA1
  
  983e8e9a1d2071b8b9e3b5319008f344f4f910d6
- SHA256
  
  8bc3c6335312cffc802a2c23940ad7c31b2644eae80d82abe72bc98cd2c793db
- SHA512
  
  bc968cc8506f175ca46f6f0633b3e15e25c547360c95ebe383a782cdc20da59b372edd16b91065f9f0a131d7a9a9ea5318e168c0911fc445dd80b52305d3376f
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTI:ZRpAyazIliazTI
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer