2dd5d9efd333aa9f9e0651f6d49c382620c5d4430a603c3d237d18d2cc16920a | Triage

Sharing

General

Target

2dd5d9efd333aa9f9e0651f6d49c382620c5d4430a603c3d237d18d2cc16920a
Size

1.8MB
Sample

240428-yh272afh6v
MD5

1b67e66c821c57841065c16aa3c7a490
SHA1

6d5447748e03e0331f78e47085329f3029b9c72d
SHA256

2dd5d9efd333aa9f9e0651f6d49c382620c5d4430a603c3d237d18d2cc16920a
SHA512

ddf890c9dd6f94b7f2b931a975d84b0336e8d635e9f481a4dd5b58c36da3b79511a411572996a18bb5cd9fbe3930f1ebd929d9ccd92a3a48f241210f2be43079
SSDEEP

49152:PpiIhJBRCvtOAiY//nmU/UMAQ1TsJfJWBjOaODilHj5YSg4bZToVP4iDiVb0GL9K:PpLfRCKU/UMAQ1KMBjOaODilHj5YSg4q

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2dd5d9efd333aa9f9e0651f6d49c382620c5d4430a603c3d237d18d2cc16920a
- Size
  
  1.8MB
- MD5
  
  1b67e66c821c57841065c16aa3c7a490
- SHA1
  
  6d5447748e03e0331f78e47085329f3029b9c72d
- SHA256
  
  2dd5d9efd333aa9f9e0651f6d49c382620c5d4430a603c3d237d18d2cc16920a
- SHA512
  
  ddf890c9dd6f94b7f2b931a975d84b0336e8d635e9f481a4dd5b58c36da3b79511a411572996a18bb5cd9fbe3930f1ebd929d9ccd92a3a48f241210f2be43079
- SSDEEP
  
  49152:PpiIhJBRCvtOAiY//nmU/UMAQ1TsJfJWBjOaODilHj5YSg4bZToVP4iDiVb0GL9K:PpLfRCKU/UMAQ1KMBjOaODilHj5YSg4q
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2