5790ef8a9f470fb5a84d95de6c5249b77e71cd271f31141c65e4d502e3093fa7 | Triage

Sharing

General

Target

2024-05-02_0f1fabadac1e6af63cf54e1173fedcdf_bkransomware
Size

131KB
Sample

240502-t82lzach4y
MD5

0f1fabadac1e6af63cf54e1173fedcdf
SHA1

362b7a46cbe6ff3f15c1f2d022cb878fd66a124d
SHA256

5790ef8a9f470fb5a84d95de6c5249b77e71cd271f31141c65e4d502e3093fa7
SHA512

47ebc0993ecde7c32e9ce270c33242c4d64e2a8cca1d651443b005fa366ca20c0e150091b90aa619871b638fd3a6dc716964575350f06a6d57853745ee74c42c
SSDEEP

3072:ZRpAyazIliazTdiyBrv1gIEwmv/4ikkEgMSk/iC:xZ8azvaIEwmblE2k/N

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-02_0f1fabadac1e6af63cf54e1173fedcdf_bkransomware
- Size
  
  131KB
- MD5
  
  0f1fabadac1e6af63cf54e1173fedcdf
- SHA1
  
  362b7a46cbe6ff3f15c1f2d022cb878fd66a124d
- SHA256
  
  5790ef8a9f470fb5a84d95de6c5249b77e71cd271f31141c65e4d502e3093fa7
- SHA512
  
  47ebc0993ecde7c32e9ce270c33242c4d64e2a8cca1d651443b005fa366ca20c0e150091b90aa619871b638fd3a6dc716964575350f06a6d57853745ee74c42c
- SSDEEP
  
  3072:ZRpAyazIliazTdiyBrv1gIEwmv/4ikkEgMSk/iC:xZ8azvaIEwmblE2k/N
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer