82a1635817318cd79992c4646fe71d3cb6554af09fd92b3ab803eb953b55ded7 | Triage

Sharing

General

Target

82a1635817318cd79992c4646fe71d3cb6554af09fd92b3ab803eb953b55ded7
Size

146KB
Sample

240428-y24vzage4s
MD5

56f563554c4a7ac0f47f70477c5e1eb1
SHA1

9e4a418b6a4360a8e488a9d3b1f1e2635c2b7a02
SHA256

82a1635817318cd79992c4646fe71d3cb6554af09fd92b3ab803eb953b55ded7
SHA512

71edaf803cd44572a5de2b50ed713b2ab08e4e978477ffa341c46f0e1602b68f4f98ff6fe4fcfc3923b2b620275a6bbf5b46c23262d9c8df689a848fbc850d11
SSDEEP

1536:/qbSe+Zk78NR3dN5nPmT/igXrotyFD+ljb6e2s82qjUbb5d6ojOepel5:/3e+a+3dN5+rFob8LjUbb5d6u6

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  82a1635817318cd79992c4646fe71d3cb6554af09fd92b3ab803eb953b55ded7
- Size
  
  146KB
- MD5
  
  56f563554c4a7ac0f47f70477c5e1eb1
- SHA1
  
  9e4a418b6a4360a8e488a9d3b1f1e2635c2b7a02
- SHA256
  
  82a1635817318cd79992c4646fe71d3cb6554af09fd92b3ab803eb953b55ded7
- SHA512
  
  71edaf803cd44572a5de2b50ed713b2ab08e4e978477ffa341c46f0e1602b68f4f98ff6fe4fcfc3923b2b620275a6bbf5b46c23262d9c8df689a848fbc850d11
- SSDEEP
  
  1536:/qbSe+Zk78NR3dN5nPmT/igXrotyFD+ljb6e2s82qjUbb5d6ojOepel5:/3e+a+3dN5+rFob8LjUbb5d6u6
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2