e29ca5ce91e0fd6cb1693a6280edfd54fd1c31ebc0476e1a063b642ccf3faede | Triage

Sharing

General

Target

e29ca5ce91e0fd6cb1693a6280edfd54fd1c31ebc0476e1a063b642ccf3faede
Size

952KB
Sample

240503-wvwvnsfg57
MD5

f4d8a4ea41000a7b8aa93a496ac1a4b7
SHA1

3aa714a82d9214838da5036d7bc89234a6b0c2cb
SHA256

e29ca5ce91e0fd6cb1693a6280edfd54fd1c31ebc0476e1a063b642ccf3faede
SHA512

8fe5380a2b2502cb7b14217aa020ef2d893441891ec3af803e81b5948e9db211759340253072bfd8d9582b2c43546aac08e2c666baf664ada57833402ac61338
SSDEEP

24576:42LxQvkDFoip66KfwOI4GofidEE8h+9o4:4kx4ki7hfw34Gof3E8p4

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  e29ca5ce91e0fd6cb1693a6280edfd54fd1c31ebc0476e1a063b642ccf3faede
- Size
  
  952KB
- MD5
  
  f4d8a4ea41000a7b8aa93a496ac1a4b7
- SHA1
  
  3aa714a82d9214838da5036d7bc89234a6b0c2cb
- SHA256
  
  e29ca5ce91e0fd6cb1693a6280edfd54fd1c31ebc0476e1a063b642ccf3faede
- SHA512
  
  8fe5380a2b2502cb7b14217aa020ef2d893441891ec3af803e81b5948e9db211759340253072bfd8d9582b2c43546aac08e2c666baf664ada57833402ac61338
- SSDEEP
  
  24576:42LxQvkDFoip66KfwOI4GofidEE8h+9o4:4kx4ki7hfw34Gof3E8p4
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2