9a542017148924bcaf18f0033a66544a4ffc6e75020f09d878c3b9dee216c607 | Triage

Sharing

General

Target

2024-04-28_30c1860f9f8f87f9a716edb7613f5df0_bkransomware
Size

235KB
Sample

240428-e37hpsga84
MD5

30c1860f9f8f87f9a716edb7613f5df0
SHA1

3743441324963c979a5e5df778f59e2a2f90b52f
SHA256

9a542017148924bcaf18f0033a66544a4ffc6e75020f09d878c3b9dee216c607
SHA512

ac973eec26605f053a62d5393062bdf76c6ccee2812de5b1dc94c101181bf4c5b1c264698f59bbccae0039ca930c98cd795c3449bfa3abcdb7070afd3992445c
SSDEEP

6144:xZ8azD1D3zw478TuuCB0WjQB/MYhxzsPUbK:xC0Z3w47UumWQ7scbK

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_30c1860f9f8f87f9a716edb7613f5df0_bkransomware
- Size
  
  235KB
- MD5
  
  30c1860f9f8f87f9a716edb7613f5df0
- SHA1
  
  3743441324963c979a5e5df778f59e2a2f90b52f
- SHA256
  
  9a542017148924bcaf18f0033a66544a4ffc6e75020f09d878c3b9dee216c607
- SHA512
  
  ac973eec26605f053a62d5393062bdf76c6ccee2812de5b1dc94c101181bf4c5b1c264698f59bbccae0039ca930c98cd795c3449bfa3abcdb7070afd3992445c
- SSDEEP
  
  6144:xZ8azD1D3zw478TuuCB0WjQB/MYhxzsPUbK:xC0Z3w47UumWQ7scbK
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer