56109bb5d2409532d9e862fcd21448519ea752530e55576a48e2ceaa1648c599 | Triage

Sharing

General

Target

2024-04-28_0e212a11c6b12c052d0f57e005222243_bkransomware
Size

96KB
Sample

240428-dxvfhsfd2z
MD5

0e212a11c6b12c052d0f57e005222243
SHA1

da5144bb70b9660f0714619ceffe2f2d514de92e
SHA256

56109bb5d2409532d9e862fcd21448519ea752530e55576a48e2ceaa1648c599
SHA512

ecb5bb9db8385c7dbc7ed5db959f1afcca01abacdd9c7c84c96b3f142f23dc48746a94e0bd24724231f80ab8ce9fe73d2dd986f8c71e6d2c98a058421467ce64
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTNmgGeVD/WcX16Z:ZRpAyazIliazTNmgl+Co

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_0e212a11c6b12c052d0f57e005222243_bkransomware
- Size
  
  96KB
- MD5
  
  0e212a11c6b12c052d0f57e005222243
- SHA1
  
  da5144bb70b9660f0714619ceffe2f2d514de92e
- SHA256
  
  56109bb5d2409532d9e862fcd21448519ea752530e55576a48e2ceaa1648c599
- SHA512
  
  ecb5bb9db8385c7dbc7ed5db959f1afcca01abacdd9c7c84c96b3f142f23dc48746a94e0bd24724231f80ab8ce9fe73d2dd986f8c71e6d2c98a058421467ce64
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTNmgGeVD/WcX16Z:ZRpAyazIliazTNmgl+Co
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer