c293aa589f916e937a3aab0c6be67233787c601de3f3bc48ba50428379fc8ae6 | Triage

Sharing

General

Target

2024-04-27_b9aebd3acda6ae1ba68b08bbf2a94f46_bkransomware
Size

71KB
Sample

240427-m1kvxsha66
MD5

b9aebd3acda6ae1ba68b08bbf2a94f46
SHA1

98cbad9d4d90d452c81cc5981cf972ba7b5f9797
SHA256

c293aa589f916e937a3aab0c6be67233787c601de3f3bc48ba50428379fc8ae6
SHA512

86936bb52a06a66afa8af7db5e53a3e99ff9dc2002c74968313f5708b097a7bd33e027f9bd57c139e5a1bc42e1fee069c5624db5b77c08e87442d38b679971b5
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTuv:ZhpAyazIlyazTi

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-27_b9aebd3acda6ae1ba68b08bbf2a94f46_bkransomware
- Size
  
  71KB
- MD5
  
  b9aebd3acda6ae1ba68b08bbf2a94f46
- SHA1
  
  98cbad9d4d90d452c81cc5981cf972ba7b5f9797
- SHA256
  
  c293aa589f916e937a3aab0c6be67233787c601de3f3bc48ba50428379fc8ae6
- SHA512
  
  86936bb52a06a66afa8af7db5e53a3e99ff9dc2002c74968313f5708b097a7bd33e027f9bd57c139e5a1bc42e1fee069c5624db5b77c08e87442d38b679971b5
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTuv:ZhpAyazIlyazTi
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer