c94c00e677fcbeccb3e35f4f9596857f2e41726181aedb00d2a3150c3090610e | Triage

Sharing

General

Target

2024-05-04_4d4c10bea451c037c40c9e4daa116001_bkransomware
Size

71KB
Sample

240504-s5mszaaa8w
MD5

4d4c10bea451c037c40c9e4daa116001
SHA1

ccfb4d97d77379e0751ad53fb6f951413f8ba96c
SHA256

c94c00e677fcbeccb3e35f4f9596857f2e41726181aedb00d2a3150c3090610e
SHA512

03cbd0432bd80230fe6005892f240c5481e6d76f83b369b09b997481dc0ad13f91bd3249f94e9781607411455b9de352ac3bbf1230443d0e7d04542275d8e99c
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTe:ZhpAyazIlyazTe

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-04_4d4c10bea451c037c40c9e4daa116001_bkransomware
- Size
  
  71KB
- MD5
  
  4d4c10bea451c037c40c9e4daa116001
- SHA1
  
  ccfb4d97d77379e0751ad53fb6f951413f8ba96c
- SHA256
  
  c94c00e677fcbeccb3e35f4f9596857f2e41726181aedb00d2a3150c3090610e
- SHA512
  
  03cbd0432bd80230fe6005892f240c5481e6d76f83b369b09b997481dc0ad13f91bd3249f94e9781607411455b9de352ac3bbf1230443d0e7d04542275d8e99c
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTe:ZhpAyazIlyazTe
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer