77feaa085f17f6fe07e7570d2727e4fd0fc781694b36edb29ba2f9338f021c90 | Triage

Sharing

General

Target

77feaa085f17f6fe07e7570d2727e4fd0fc781694b36edb29ba2f9338f021c90
Size

163KB
Sample

240428-wvp25adh4t
MD5

08f68c2d5cdee9e5579b9653e1f4eb15
SHA1

ca9459ec960465059e1044d717413562ee3baed7
SHA256

77feaa085f17f6fe07e7570d2727e4fd0fc781694b36edb29ba2f9338f021c90
SHA512

d6fd136efb636a40fea21af9d4261243da343dc7f660f563347f5d0df82607b30d761e68cf239b5791d3c0cae35717d7d84db4269c9bc892342a24acf7121723
SSDEEP

3072:/3e+a+3dN5kQekqnwLD9m0WjfuRRfEdj4E3f90bC:m+aMGQek9if1Vv+W

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  77feaa085f17f6fe07e7570d2727e4fd0fc781694b36edb29ba2f9338f021c90
- Size
  
  163KB
- MD5
  
  08f68c2d5cdee9e5579b9653e1f4eb15
- SHA1
  
  ca9459ec960465059e1044d717413562ee3baed7
- SHA256
  
  77feaa085f17f6fe07e7570d2727e4fd0fc781694b36edb29ba2f9338f021c90
- SHA512
  
  d6fd136efb636a40fea21af9d4261243da343dc7f660f563347f5d0df82607b30d761e68cf239b5791d3c0cae35717d7d84db4269c9bc892342a24acf7121723
- SSDEEP
  
  3072:/3e+a+3dN5kQekqnwLD9m0WjfuRRfEdj4E3f90bC:m+aMGQek9if1Vv+W
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2