05b9cc14544709562f1750664e41aca9e605c889626dba5f4f4d043444658763 | Triage

Sharing

General

Target

2024-04-28_0f594581f48775ebc8c44762fd84289f_bkransomware
Size

71KB
Sample

240428-dx3f5afa44
MD5

0f594581f48775ebc8c44762fd84289f
SHA1

43c19c46f3af21857a93ce47893043a1d186f344
SHA256

05b9cc14544709562f1750664e41aca9e605c889626dba5f4f4d043444658763
SHA512

a0fb976087bd7a9b8efed4ce1fb34b8e853a07b27f01d7b124efc39bae8aa931eee7cfd1871b8134916fef32cc31ba237f3cf5a4a53ef93fd6d363b3d6793c94
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTc:ZRpAyazIliazTc

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_0f594581f48775ebc8c44762fd84289f_bkransomware
- Size
  
  71KB
- MD5
  
  0f594581f48775ebc8c44762fd84289f
- SHA1
  
  43c19c46f3af21857a93ce47893043a1d186f344
- SHA256
  
  05b9cc14544709562f1750664e41aca9e605c889626dba5f4f4d043444658763
- SHA512
  
  a0fb976087bd7a9b8efed4ce1fb34b8e853a07b27f01d7b124efc39bae8aa931eee7cfd1871b8134916fef32cc31ba237f3cf5a4a53ef93fd6d363b3d6793c94
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTc:ZRpAyazIliazTc
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer