8439ddd4d2b87381e790fff38afa7b5a84fee27c259973107e1d987562d6f27a | Triage

Sharing

General

Target

2024-04-27_ff6feded021f758e4797c66068a7d25e_bkransomware
Size

71KB
Sample

240427-kgetfseh72
MD5

ff6feded021f758e4797c66068a7d25e
SHA1

dbe09e485b9e7bc580a3a30962e30d3bf7e504b9
SHA256

8439ddd4d2b87381e790fff38afa7b5a84fee27c259973107e1d987562d6f27a
SHA512

c3ad6bd88ae7ac36504971416aeb903a229ba5a431daf2e7dc1af05510421920e1420179e3cfef8f8e4c7767f8b493abb91e7dcc09f28c6808cb35bc484fcc96
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTf:ZhpAyazIlyazTf

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-27_ff6feded021f758e4797c66068a7d25e_bkransomware
- Size
  
  71KB
- MD5
  
  ff6feded021f758e4797c66068a7d25e
- SHA1
  
  dbe09e485b9e7bc580a3a30962e30d3bf7e504b9
- SHA256
  
  8439ddd4d2b87381e790fff38afa7b5a84fee27c259973107e1d987562d6f27a
- SHA512
  
  c3ad6bd88ae7ac36504971416aeb903a229ba5a431daf2e7dc1af05510421920e1420179e3cfef8f8e4c7767f8b493abb91e7dcc09f28c6808cb35bc484fcc96
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTf:ZhpAyazIlyazTf
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer