6ee0c69adb4309a581a1ad2b2fdd0418c7fc49f81be83c3d07ab396933bf550d | Triage

Sharing

General

Target

2024-04-28_d1006e3dc26a6663bdb7ca042a9fdaad_bkransomware
Size

72KB
Sample

240428-b58xrsdg6t
MD5

d1006e3dc26a6663bdb7ca042a9fdaad
SHA1

35f50dfff0111771033d12a38e0d7d116a921499
SHA256

6ee0c69adb4309a581a1ad2b2fdd0418c7fc49f81be83c3d07ab396933bf550d
SHA512

79ec07f0ae1b585d158be6c49e25a1168cc4bde66499f91d5f9a325defc3f9498872e680c193e7e0b33db63b315c9a4f2fc4a7998e2f83b3a3c8fcb826efc091
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTi:ZRpAyazIliazTi

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_d1006e3dc26a6663bdb7ca042a9fdaad_bkransomware
- Size
  
  72KB
- MD5
  
  d1006e3dc26a6663bdb7ca042a9fdaad
- SHA1
  
  35f50dfff0111771033d12a38e0d7d116a921499
- SHA256
  
  6ee0c69adb4309a581a1ad2b2fdd0418c7fc49f81be83c3d07ab396933bf550d
- SHA512
  
  79ec07f0ae1b585d158be6c49e25a1168cc4bde66499f91d5f9a325defc3f9498872e680c193e7e0b33db63b315c9a4f2fc4a7998e2f83b3a3c8fcb826efc091
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTi:ZRpAyazIliazTi
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer