d20e10bacc80335e1b351fe03ac7bd0ba8dccb149b6cdaa477ead6a3e89f3e52 | Triage

Sharing

General

Target

2024-04-28_d05a4b4a32947291a34ecfd6225b6b5a_bkransomware
Size

71KB
Sample

240428-b54ytadd62
MD5

d05a4b4a32947291a34ecfd6225b6b5a
SHA1

c3cc65f1bfa3b7e0b7de8810355719b2aed76fef
SHA256

d20e10bacc80335e1b351fe03ac7bd0ba8dccb149b6cdaa477ead6a3e89f3e52
SHA512

32c7afcfaa3c68b0b9cff5168b7728dc06f67c089e94bc4b6ceed28053f892451e57e726c6233cff9bb16679af0ffcb9bb95a26b286f4350bd570760ec151933
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTP:ZRpAyazIliazTP

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_d05a4b4a32947291a34ecfd6225b6b5a_bkransomware
- Size
  
  71KB
- MD5
  
  d05a4b4a32947291a34ecfd6225b6b5a
- SHA1
  
  c3cc65f1bfa3b7e0b7de8810355719b2aed76fef
- SHA256
  
  d20e10bacc80335e1b351fe03ac7bd0ba8dccb149b6cdaa477ead6a3e89f3e52
- SHA512
  
  32c7afcfaa3c68b0b9cff5168b7728dc06f67c089e94bc4b6ceed28053f892451e57e726c6233cff9bb16679af0ffcb9bb95a26b286f4350bd570760ec151933
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTP:ZRpAyazIliazTP
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer