1b3fea53c2edf4e3ef1e101978303e5a03aa955466c7a7d9ec65ceee6c36f894 | Triage

Sharing

General

Target

1b3fea53c2edf4e3ef1e101978303e5a03aa955466c7a7d9ec65ceee6c36f894
Size

66KB
Sample

240428-y1b4kaga78
MD5

24749a1c16e122958e14685d139a9ed8
SHA1

b29240631507e7752ee1df424c9c845fc161ceee
SHA256

1b3fea53c2edf4e3ef1e101978303e5a03aa955466c7a7d9ec65ceee6c36f894
SHA512

0d793db229e689dbe25228e392daf1ca4750be1dab6d2b524cf74d08689ac92b14933424c3d14eeee0718839aea4f85879f616104a70bf00bc9fa7d80b22c14e
SSDEEP

1536:/qbSe+Zk78NR3dN5nPNb4yzwC132n6sLDDO:/3e+a+3dN5lb4yzjsLXO

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  1b3fea53c2edf4e3ef1e101978303e5a03aa955466c7a7d9ec65ceee6c36f894
- Size
  
  66KB
- MD5
  
  24749a1c16e122958e14685d139a9ed8
- SHA1
  
  b29240631507e7752ee1df424c9c845fc161ceee
- SHA256
  
  1b3fea53c2edf4e3ef1e101978303e5a03aa955466c7a7d9ec65ceee6c36f894
- SHA512
  
  0d793db229e689dbe25228e392daf1ca4750be1dab6d2b524cf74d08689ac92b14933424c3d14eeee0718839aea4f85879f616104a70bf00bc9fa7d80b22c14e
- SSDEEP
  
  1536:/qbSe+Zk78NR3dN5nPNb4yzwC132n6sLDDO:/3e+a+3dN5lb4yzjsLXO
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2