942acd5f3afc06ae0ff44dc5754ed89e3214e9f9f0e62fce0919a346d123c85f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_5614d5056808b6dbaa7f12cc2085b766_bkransomware
Size

72KB
Sample

240427-l9ql4agd39
MD5

5614d5056808b6dbaa7f12cc2085b766
SHA1

70f34a870bd1dae586e0f2ded3917d0b96b37592
SHA256

942acd5f3afc06ae0ff44dc5754ed89e3214e9f9f0e62fce0919a346d123c85f
SHA512

2b9388eda841bf655b29e8cad61c7b63f3cf7e8af8fa51a2f57614a51da9ab8b3b198fdac65edf6e4ee2b8613017f3e3554e402be93fccf2959e72b78e5ed4f6
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTjna:ZhpAyazIlyazTja

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-27_5614d5056808b6dbaa7f12cc2085b766_bkransomware
- Size
  
  72KB
- MD5
  
  5614d5056808b6dbaa7f12cc2085b766
- SHA1
  
  70f34a870bd1dae586e0f2ded3917d0b96b37592
- SHA256
  
  942acd5f3afc06ae0ff44dc5754ed89e3214e9f9f0e62fce0919a346d123c85f
- SHA512
  
  2b9388eda841bf655b29e8cad61c7b63f3cf7e8af8fa51a2f57614a51da9ab8b3b198fdac65edf6e4ee2b8613017f3e3554e402be93fccf2959e72b78e5ed4f6
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTjna:ZhpAyazIlyazTja
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer