d5e2aca21bf91a866302a314782eb82d8a96119876df5416d4a929bc28790f76 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5e2aca21bf91a866302a314782eb82d8a96119876df5416d4a929bc28790f76
Size

2.8MB
Sample

240501-fy9ypsba76
MD5

7e730a730dba3ac21bad2750d8b8be73
SHA1

e75ec6b13115e1372cb49da18f4403dd87bdd65d
SHA256

d5e2aca21bf91a866302a314782eb82d8a96119876df5416d4a929bc28790f76
SHA512

89cb06efd263a0145415462702f2b0abd5070bb3a8c938cf3316b6154edbef1c578a3d7a69a9b46d59045cf30c0ce27d543cc88693b93d64e4d1947357446275
SSDEEP

49152:Pdt6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:Pdgd1XdhBiiMa7

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  d5e2aca21bf91a866302a314782eb82d8a96119876df5416d4a929bc28790f76
- Size
  
  2.8MB
- MD5
  
  7e730a730dba3ac21bad2750d8b8be73
- SHA1
  
  e75ec6b13115e1372cb49da18f4403dd87bdd65d
- SHA256
  
  d5e2aca21bf91a866302a314782eb82d8a96119876df5416d4a929bc28790f76
- SHA512
  
  89cb06efd263a0145415462702f2b0abd5070bb3a8c938cf3316b6154edbef1c578a3d7a69a9b46d59045cf30c0ce27d543cc88693b93d64e4d1947357446275
- SSDEEP
  
  49152:Pdt6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:Pdgd1XdhBiiMa7
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2