34cb019cecb7d1c6a9dbe2f938715b3587d8e4fa6de6efbb0065ce266d99f8b6 | Triage

Sharing

General

Target

2024-04-28_41e05fee3238cb7890d5c2a34f85f2fb_bkransomware
Size

176KB
Sample

240428-f566dsha62
MD5

41e05fee3238cb7890d5c2a34f85f2fb
SHA1

be76d6ae9ebd605f9ed8d56367f411b24c0310f6
SHA256

34cb019cecb7d1c6a9dbe2f938715b3587d8e4fa6de6efbb0065ce266d99f8b6
SHA512

13a87d58b53bf654739828446da2f9e33911309140e97f47d13ad2404486ba44c919503501507aa05c687f1f50abb3b25c65061fdd5331d741d33bf738af9550
SSDEEP

3072:ZhpAyazIlyazTjpGObU0nR85BzSPC1PiNdJoYVB3JIuLOa:hZMaznEOisPC1iNdxv3muLOa

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_41e05fee3238cb7890d5c2a34f85f2fb_bkransomware
- Size
  
  176KB
- MD5
  
  41e05fee3238cb7890d5c2a34f85f2fb
- SHA1
  
  be76d6ae9ebd605f9ed8d56367f411b24c0310f6
- SHA256
  
  34cb019cecb7d1c6a9dbe2f938715b3587d8e4fa6de6efbb0065ce266d99f8b6
- SHA512
  
  13a87d58b53bf654739828446da2f9e33911309140e97f47d13ad2404486ba44c919503501507aa05c687f1f50abb3b25c65061fdd5331d741d33bf738af9550
- SSDEEP
  
  3072:ZhpAyazIlyazTjpGObU0nR85BzSPC1PiNdJoYVB3JIuLOa:hZMaznEOisPC1iNdxv3muLOa
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer