4f117c2022a64e2b28d114c36e0443a6fcee334004b85f4f870112b077368b11 | Triage

Sharing

General

Target

2024-05-03_0899f40de23e17d03af1418b76d4f80c_bkransomware
Size

918KB
Sample

240503-wc6xxsfa36
MD5

0899f40de23e17d03af1418b76d4f80c
SHA1

7245018c4a0ffeb02d0e229dbf5622cd44a54cd9
SHA256

4f117c2022a64e2b28d114c36e0443a6fcee334004b85f4f870112b077368b11
SHA512

5f0bebbe7fd15afb5d94452eaedf24add7bc4156c777e7d78ab7caa620c07634c612b0efb1da60c06bb07ea9d7f95ea620818bf79cb5a639d0e0c0c1dcf2f4f7
SSDEEP

24576:DZNYSmSmoR+d665h7psR35EOUdltP4nLReqZpyZ9tj:DvYSmSm9dx5h7psl5ctP4LDPyfR

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-03_0899f40de23e17d03af1418b76d4f80c_bkransomware
- Size
  
  918KB
- MD5
  
  0899f40de23e17d03af1418b76d4f80c
- SHA1
  
  7245018c4a0ffeb02d0e229dbf5622cd44a54cd9
- SHA256
  
  4f117c2022a64e2b28d114c36e0443a6fcee334004b85f4f870112b077368b11
- SHA512
  
  5f0bebbe7fd15afb5d94452eaedf24add7bc4156c777e7d78ab7caa620c07634c612b0efb1da60c06bb07ea9d7f95ea620818bf79cb5a639d0e0c0c1dcf2f4f7
- SSDEEP
  
  24576:DZNYSmSmoR+d665h7psR35EOUdltP4nLReqZpyZ9tj:DvYSmSm9dx5h7psl5ctP4LDPyfR
Score

7^/10

persistence spyware stealer discovery
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

discoverypersistencespywarestealer