7bc1890b42de0a1bbf639ef4e4f4f5a930165ea96ad3202cb97fbfd7a3740296 | Triage

Sharing

General

Target

2024-04-27_0ab50fc1bcfa77f0d869163f37ba8a3e_bkransomware
Size

595KB
Sample

240427-2anlfshg96
MD5

0ab50fc1bcfa77f0d869163f37ba8a3e
SHA1

9b230b595da73625cae0cca885a034a313bcacbb
SHA256

7bc1890b42de0a1bbf639ef4e4f4f5a930165ea96ad3202cb97fbfd7a3740296
SHA512

c82dec3397328b48182c0370e8c84181add38cebab20569f8918d3bda09836fd80928fbc9d5cf8f1e7501971aacfa9600fdc8ce74a52049b35acdefa7699d3e9
SSDEEP

12288:hS0vhAa34ZfPuPiBpFT4bXheyv56zaEyEmVb/O2edK/3xBuI803:DvhgtGGWLE66zaEyEADSE3

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-27_0ab50fc1bcfa77f0d869163f37ba8a3e_bkransomware
- Size
  
  595KB
- MD5
  
  0ab50fc1bcfa77f0d869163f37ba8a3e
- SHA1
  
  9b230b595da73625cae0cca885a034a313bcacbb
- SHA256
  
  7bc1890b42de0a1bbf639ef4e4f4f5a930165ea96ad3202cb97fbfd7a3740296
- SHA512
  
  c82dec3397328b48182c0370e8c84181add38cebab20569f8918d3bda09836fd80928fbc9d5cf8f1e7501971aacfa9600fdc8ce74a52049b35acdefa7699d3e9
- SSDEEP
  
  12288:hS0vhAa34ZfPuPiBpFT4bXheyv56zaEyEmVb/O2edK/3xBuI803:DvhgtGGWLE66zaEyEADSE3
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer