4f8717d6659f923d707378eb4784d1c407f7fe95db30495d308118e1c80ba175 | Triage

Sharing

General

Target

2024-04-28_aff4a76fc3fdad06f1e674c8a0bf5ec7_bkransomware_karagany
Size

677KB
Sample

240428-pzjbtage3t
MD5

aff4a76fc3fdad06f1e674c8a0bf5ec7
SHA1

cad65e7f7f1a4c995e9920ea44530ad5dc94006d
SHA256

4f8717d6659f923d707378eb4784d1c407f7fe95db30495d308118e1c80ba175
SHA512

203aaeec46b6087dba336b748fbe5319d19448d20d1865c2b8d302457441640cf89211f238861360f1b4c524a87f4e6f90ac915a0c54c93d3ad53f85aa8b9995
SSDEEP

12288:OvXk1egeKznl5TXJR0j3p2pVUrrQuLoWTF23JVbd0UILzXSocmKdYNq6:yk1e7ozX0j52pMkuLoiSJVlIL29mhNq6

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_aff4a76fc3fdad06f1e674c8a0bf5ec7_bkransomware_karagany
- Size
  
  677KB
- MD5
  
  aff4a76fc3fdad06f1e674c8a0bf5ec7
- SHA1
  
  cad65e7f7f1a4c995e9920ea44530ad5dc94006d
- SHA256
  
  4f8717d6659f923d707378eb4784d1c407f7fe95db30495d308118e1c80ba175
- SHA512
  
  203aaeec46b6087dba336b748fbe5319d19448d20d1865c2b8d302457441640cf89211f238861360f1b4c524a87f4e6f90ac915a0c54c93d3ad53f85aa8b9995
- SSDEEP
  
  12288:OvXk1egeKznl5TXJR0j3p2pVUrrQuLoWTF23JVbd0UILzXSocmKdYNq6:yk1e7ozX0j52pMkuLoiSJVlIL29mhNq6
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2