00105063664c4ca9de1497147e9d8d53d80c9b8081e159634c7661e8c6322eff | Triage

Sharing

General

Target

2024-05-04_e9baa19aa4c9a0a27c1a3411f1c6d8ae_bkransomware
Size

170KB
Sample

240504-rrrz4agd5z
MD5

e9baa19aa4c9a0a27c1a3411f1c6d8ae
SHA1

7989928817b3a2bd4bfe9adbc04d8195415bea62
SHA256

00105063664c4ca9de1497147e9d8d53d80c9b8081e159634c7661e8c6322eff
SHA512

86631ad4e3de3d46b25581e189cdb8f895251288b9e0a61b9ecb9299da5937ea207020ff0f6c27429b9b167ad28b466294feedf593a29ffb1c0688e2616fafe4
SSDEEP

3072:ZhpAyazIlyazTZhiu101KfnY/eHpHHX9f/2Xiq:hZMazKu101KZHpHHX9mF

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-04_e9baa19aa4c9a0a27c1a3411f1c6d8ae_bkransomware
- Size
  
  170KB
- MD5
  
  e9baa19aa4c9a0a27c1a3411f1c6d8ae
- SHA1
  
  7989928817b3a2bd4bfe9adbc04d8195415bea62
- SHA256
  
  00105063664c4ca9de1497147e9d8d53d80c9b8081e159634c7661e8c6322eff
- SHA512
  
  86631ad4e3de3d46b25581e189cdb8f895251288b9e0a61b9ecb9299da5937ea207020ff0f6c27429b9b167ad28b466294feedf593a29ffb1c0688e2616fafe4
- SSDEEP
  
  3072:ZhpAyazIlyazTZhiu101KfnY/eHpHHX9f/2Xiq:hZMazKu101KZHpHHX9mF
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer