448986e2a05c4e68c7d645e1dc2605a05d2aac3530135fde6d99f17e1a9a9d2e | Triage

Sharing

General

Target

448986e2a05c4e68c7d645e1dc2605a05d2aac3530135fde6d99f17e1a9a9d2e
Size

2.7MB
Sample

240427-k7wjwsgb3w
MD5

3a16fd1afdeb1f7cc71b56de858c8fe6
SHA1

58da87341a314ced37cbb42f2ea0565dfcc63c83
SHA256

448986e2a05c4e68c7d645e1dc2605a05d2aac3530135fde6d99f17e1a9a9d2e
SHA512

352d8a79a83a3bb15158085013db7e9019b83f6a96f61040c4f84f27f1d2b64ae26d2120c9782ab1f89b9baa30967f7677d0324963a5060421d56b25118dfcf1
SSDEEP

49152:0jhHu5Kv6DCRlo83SOaZXi87JjigLHJH1jSjhTSGIo8Y70FHOELF:0jhu5gg8D8yqJpFH1m2FuEL

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  448986e2a05c4e68c7d645e1dc2605a05d2aac3530135fde6d99f17e1a9a9d2e
- Size
  
  2.7MB
- MD5
  
  3a16fd1afdeb1f7cc71b56de858c8fe6
- SHA1
  
  58da87341a314ced37cbb42f2ea0565dfcc63c83
- SHA256
  
  448986e2a05c4e68c7d645e1dc2605a05d2aac3530135fde6d99f17e1a9a9d2e
- SHA512
  
  352d8a79a83a3bb15158085013db7e9019b83f6a96f61040c4f84f27f1d2b64ae26d2120c9782ab1f89b9baa30967f7677d0324963a5060421d56b25118dfcf1
- SSDEEP
  
  49152:0jhHu5Kv6DCRlo83SOaZXi87JjigLHJH1jSjhTSGIo8Y70FHOELF:0jhu5gg8D8yqJpFH1m2FuEL
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2