8cda1346ee81b64aa35d3d05d37170ed7c720234dcc893d56eb09893042655f3 | Triage

Sharing

General

Target

2024-04-27_77881f0bfec777b6aebf7c0b7d147264_bkransomware
Size

131KB
Sample

240427-wq19ladg36
MD5

77881f0bfec777b6aebf7c0b7d147264
SHA1

2aef961efdebc4c97df26d5a1d06e2c0070695ec
SHA256

8cda1346ee81b64aa35d3d05d37170ed7c720234dcc893d56eb09893042655f3
SHA512

bfd193776859f805eda4ee44c30e3fc60fc758e7e91d1f497de0f95a040e44a248efaed3e7b2b54a5ebcf9f2e5c2b095f15dbc968ae83f7cc38ad10bef45c10a
SSDEEP

3072:ZhpAyazIlyazTkkIjWjWtvpouJ1r5ovm8DTj:hZMazHLRy1l+m8DX

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-27_77881f0bfec777b6aebf7c0b7d147264_bkransomware
- Size
  
  131KB
- MD5
  
  77881f0bfec777b6aebf7c0b7d147264
- SHA1
  
  2aef961efdebc4c97df26d5a1d06e2c0070695ec
- SHA256
  
  8cda1346ee81b64aa35d3d05d37170ed7c720234dcc893d56eb09893042655f3
- SHA512
  
  bfd193776859f805eda4ee44c30e3fc60fc758e7e91d1f497de0f95a040e44a248efaed3e7b2b54a5ebcf9f2e5c2b095f15dbc968ae83f7cc38ad10bef45c10a
- SSDEEP
  
  3072:ZhpAyazIlyazTkkIjWjWtvpouJ1r5ovm8DTj:hZMazHLRy1l+m8DX
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer