af417c8f31915861bef22cda49e494868effcbe67d61db9bdef712062f4085f7 | Triage

Sharing

General

Target

2024-04-28_fc6c4588ecc06408ab687289414bf36f_bkransomware
Size

131KB
Sample

240428-mhrkradf62
MD5

fc6c4588ecc06408ab687289414bf36f
SHA1

1ca5c6417a53ac51185d3ba96ebe47400b12cab9
SHA256

af417c8f31915861bef22cda49e494868effcbe67d61db9bdef712062f4085f7
SHA512

24e9c7f95357d40c9be81d9ff5253e8042c79e1f96d677ff6ff5a7d79e5b77c9ad464fa199c7e5286717b64aba1ae93ad0af13a7481d6f2e3bfd53d497ff4805
SSDEEP

3072:ZhpAyazIlyazTPRcZ3V4o+t5q5hwXI9H9JNBZ:hZMazr8eo+tE7wXIhlX

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_fc6c4588ecc06408ab687289414bf36f_bkransomware
- Size
  
  131KB
- MD5
  
  fc6c4588ecc06408ab687289414bf36f
- SHA1
  
  1ca5c6417a53ac51185d3ba96ebe47400b12cab9
- SHA256
  
  af417c8f31915861bef22cda49e494868effcbe67d61db9bdef712062f4085f7
- SHA512
  
  24e9c7f95357d40c9be81d9ff5253e8042c79e1f96d677ff6ff5a7d79e5b77c9ad464fa199c7e5286717b64aba1ae93ad0af13a7481d6f2e3bfd53d497ff4805
- SSDEEP
  
  3072:ZhpAyazIlyazTPRcZ3V4o+t5q5hwXI9H9JNBZ:hZMazr8eo+tE7wXIhlX
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer