6815e4dbb1e1e98566e408d220b773a61821f086a39413002f65eeab59fe334f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-03_076f51994812baf3ad4e5ee614efcd61_bkransomware
Size

214KB
Sample

240503-r5z8mahe5x
MD5

076f51994812baf3ad4e5ee614efcd61
SHA1

5c5835f86287c4a3cdedeb871d5a44a80448caef
SHA256

6815e4dbb1e1e98566e408d220b773a61821f086a39413002f65eeab59fe334f
SHA512

b61274a87da6dc60bbc48568e2b00a42b515ee5931c9c4d7dee810a219be5ba182c0cbe19c8df92f469417597e43aef09f1a9ceb8b24a07b0eb93877e06b0355
SSDEEP

6144:xZ8az6XMnCvvYzJvrLUY0EHMi9uC7xrx8+7uaVz9:xC0VnCcVHP1uC7A+7uyz9

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-03_076f51994812baf3ad4e5ee614efcd61_bkransomware
- Size
  
  214KB
- MD5
  
  076f51994812baf3ad4e5ee614efcd61
- SHA1
  
  5c5835f86287c4a3cdedeb871d5a44a80448caef
- SHA256
  
  6815e4dbb1e1e98566e408d220b773a61821f086a39413002f65eeab59fe334f
- SHA512
  
  b61274a87da6dc60bbc48568e2b00a42b515ee5931c9c4d7dee810a219be5ba182c0cbe19c8df92f469417597e43aef09f1a9ceb8b24a07b0eb93877e06b0355
- SSDEEP
  
  6144:xZ8az6XMnCvvYzJvrLUY0EHMi9uC7xrx8+7uaVz9:xC0VnCcVHP1uC7A+7uyz9
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer