c0e0b3b2067db1e252ffabadd46de7cc039ca9d0a276c41c1d84b349194d2570 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0e0b3b2067db1e252ffabadd46de7cc039ca9d0a276c41c1d84b349194d2570
Size

2.6MB
Sample

240504-xy2e1aba49
MD5

29a15bf156492fff4e64fad15db2d2e3
SHA1

cfcc1961d10852afbaff15ec2a9c9f6ab2be516d
SHA256

c0e0b3b2067db1e252ffabadd46de7cc039ca9d0a276c41c1d84b349194d2570
SHA512

75cc092065eeca2932bd902a3400446d6876ba2fc01ce78988d0f67501548c720cc20b7752363dd99c0abdc694c4672a75e19d99e7cc2039f20d062e9edc9a21
SSDEEP

49152:0NBu2jlkqqidz65qoxTP7Xe22ciWoO5pXhEQTZ1lsc47v/tzVIxgv3hlS95kKiHQ:mo2NZ6AGP7XeW5oEedvDS95Q

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  c0e0b3b2067db1e252ffabadd46de7cc039ca9d0a276c41c1d84b349194d2570
- Size
  
  2.6MB
- MD5
  
  29a15bf156492fff4e64fad15db2d2e3
- SHA1
  
  cfcc1961d10852afbaff15ec2a9c9f6ab2be516d
- SHA256
  
  c0e0b3b2067db1e252ffabadd46de7cc039ca9d0a276c41c1d84b349194d2570
- SHA512
  
  75cc092065eeca2932bd902a3400446d6876ba2fc01ce78988d0f67501548c720cc20b7752363dd99c0abdc694c4672a75e19d99e7cc2039f20d062e9edc9a21
- SSDEEP
  
  49152:0NBu2jlkqqidz65qoxTP7Xe22ciWoO5pXhEQTZ1lsc47v/tzVIxgv3hlS95kKiHQ:mo2NZ6AGP7XeW5oEedvDS95Q
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2