5190d8663317e26c32208d45dc01473dd9d99c4d93c4f9327b80e3eaa4a0000e | Triage

Sharing

General

Target

2024-04-27_bf93f29ddc98660528aa7fd27fe6f06a_bkransomware
Size

72KB
Sample

240427-keka6aeh28
MD5

bf93f29ddc98660528aa7fd27fe6f06a
SHA1

d009f7170615c362eab816f4e99651f08608b2f5
SHA256

5190d8663317e26c32208d45dc01473dd9d99c4d93c4f9327b80e3eaa4a0000e
SHA512

b649bf89b6e5ec30d6d36d3cdb326df589dd3d833a4bff0b83f4b5f81a61b6b710dc112bf822944767e3b33efade9dc4473892fc8a64f20af01bcbb3bae96712
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTnO:ZRpAyazIliazTnO

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-27_bf93f29ddc98660528aa7fd27fe6f06a_bkransomware
- Size
  
  72KB
- MD5
  
  bf93f29ddc98660528aa7fd27fe6f06a
- SHA1
  
  d009f7170615c362eab816f4e99651f08608b2f5
- SHA256
  
  5190d8663317e26c32208d45dc01473dd9d99c4d93c4f9327b80e3eaa4a0000e
- SHA512
  
  b649bf89b6e5ec30d6d36d3cdb326df589dd3d833a4bff0b83f4b5f81a61b6b710dc112bf822944767e3b33efade9dc4473892fc8a64f20af01bcbb3bae96712
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTnO:ZRpAyazIliazTnO
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer