fa59ee84ae7cf946b9bc035dfde8fb40d3e3468190bd17cb610c53fe3d2bc844 | Triage

Sharing

General

Target

2024-04-28_fdf20870e0f6947acc54d7dc158de616_bkransomware
Size

518KB
Sample

240428-v5gm3ach57
MD5

fdf20870e0f6947acc54d7dc158de616
SHA1

d3f35f9cd5bf840d8c9b690929822f72f3e59bd7
SHA256

fa59ee84ae7cf946b9bc035dfde8fb40d3e3468190bd17cb610c53fe3d2bc844
SHA512

3f35c985dd351ff1db874a5d351bb42bfca675df3ac4bca2d5cdf91f6012b9aa0cf73efbf5896a967cda8aacf3d212db0106520a524080d395195b3238b1b3d7
SSDEEP

12288:xC0tmH3Ut1er+kigoZUWtBaL4XA9K8gGsxEiIS:DtmiyQ2WHaLHsuZS

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-04-28_fdf20870e0f6947acc54d7dc158de616_bkransomware
- Size
  
  518KB
- MD5
  
  fdf20870e0f6947acc54d7dc158de616
- SHA1
  
  d3f35f9cd5bf840d8c9b690929822f72f3e59bd7
- SHA256
  
  fa59ee84ae7cf946b9bc035dfde8fb40d3e3468190bd17cb610c53fe3d2bc844
- SHA512
  
  3f35c985dd351ff1db874a5d351bb42bfca675df3ac4bca2d5cdf91f6012b9aa0cf73efbf5896a967cda8aacf3d212db0106520a524080d395195b3238b1b3d7
- SSDEEP
  
  12288:xC0tmH3Ut1er+kigoZUWtBaL4XA9K8gGsxEiIS:DtmiyQ2WHaLHsuZS
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer