57bf8f2ed0d8835cf2825d5542de179a1f6191943fef6fa0d3646075eddc5e26 | Triage

Sharing

General

Target

2024-04-28_160883868a17fa0171b08a033819151a_bkransomware
Size

135KB
Sample

240428-dyhs4sfd4t
MD5

160883868a17fa0171b08a033819151a
SHA1

baba184bdc16a97fb9b124ec358845e23a2bfe72
SHA256

57bf8f2ed0d8835cf2825d5542de179a1f6191943fef6fa0d3646075eddc5e26
SHA512

a817113ddd788712c3329d283d0265312cb1a6d191f8d4f3c148bf2690416861530151f4d2f902c91dd384c6f9a073ea90442f318e4bb785402a91720792b928
SSDEEP

3072:ZRpAyazIliazTTwrzhDOWg0b9PXzAJsGGtVA9GsO7D/:xZ8azPwpXx9CdoZ

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_160883868a17fa0171b08a033819151a_bkransomware
- Size
  
  135KB
- MD5
  
  160883868a17fa0171b08a033819151a
- SHA1
  
  baba184bdc16a97fb9b124ec358845e23a2bfe72
- SHA256
  
  57bf8f2ed0d8835cf2825d5542de179a1f6191943fef6fa0d3646075eddc5e26
- SHA512
  
  a817113ddd788712c3329d283d0265312cb1a6d191f8d4f3c148bf2690416861530151f4d2f902c91dd384c6f9a073ea90442f318e4bb785402a91720792b928
- SSDEEP
  
  3072:ZRpAyazIliazTTwrzhDOWg0b9PXzAJsGGtVA9GsO7D/:xZ8azPwpXx9CdoZ
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer