6e9c5b200da44c4c789d1ae2cae43b9a1ff1da6559f1fd94ebd955450c6f2645 | Triage

Sharing

General

Target

2024-04-28_46f482774fc9c8b987b0de2e2f0b0bc5_bkransomware
Size

73KB
Sample

240428-mf7h7adh3z
MD5

46f482774fc9c8b987b0de2e2f0b0bc5
SHA1

ef0af2606a99fdb810430c61195d0a2f4e174a7e
SHA256

6e9c5b200da44c4c789d1ae2cae43b9a1ff1da6559f1fd94ebd955450c6f2645
SHA512

9d57396987f7a1e75aafb0ad554772aee5d98a9a11dd08a59775bc334fb339e7f7a4d0c95a04fa55908f0b606da3a18acb4c481746887c9e8deb76d1ded4484b
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTkba:ZhpAyazIlyazTaa

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_46f482774fc9c8b987b0de2e2f0b0bc5_bkransomware
- Size
  
  73KB
- MD5
  
  46f482774fc9c8b987b0de2e2f0b0bc5
- SHA1
  
  ef0af2606a99fdb810430c61195d0a2f4e174a7e
- SHA256
  
  6e9c5b200da44c4c789d1ae2cae43b9a1ff1da6559f1fd94ebd955450c6f2645
- SHA512
  
  9d57396987f7a1e75aafb0ad554772aee5d98a9a11dd08a59775bc334fb339e7f7a4d0c95a04fa55908f0b606da3a18acb4c481746887c9e8deb76d1ded4484b
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTkba:ZhpAyazIlyazTaa
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer