5186286e3efff1bf48947b160ab91bf5f93b447e64cf280547ed767fc25d68fe | Triage

Sharing

General

Target

2024-05-05_e8324521457b68999db7ff2716ec6eaa_bkransomware
Size

288KB
Sample

240505-d9hbqaha39
MD5

e8324521457b68999db7ff2716ec6eaa
SHA1

1f70c5b4b151cdc08c687d3e934bfff10b38c1f3
SHA256

5186286e3efff1bf48947b160ab91bf5f93b447e64cf280547ed767fc25d68fe
SHA512

8a64aa62d260b3e71038e9b3114bb37e01ab3959ea04cb6243e8bc76692267fd8e222ddec9b175537ffb2df57b69f6397c969a7a8969a504ccf460384e125701
SSDEEP

6144:xZ8az6rVGEDWWnpYXlls66ZrOm95oOg+mc8KdZBv:xC0ENyWpYXXuZqmpZmq

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-05_e8324521457b68999db7ff2716ec6eaa_bkransomware
- Size
  
  288KB
- MD5
  
  e8324521457b68999db7ff2716ec6eaa
- SHA1
  
  1f70c5b4b151cdc08c687d3e934bfff10b38c1f3
- SHA256
  
  5186286e3efff1bf48947b160ab91bf5f93b447e64cf280547ed767fc25d68fe
- SHA512
  
  8a64aa62d260b3e71038e9b3114bb37e01ab3959ea04cb6243e8bc76692267fd8e222ddec9b175537ffb2df57b69f6397c969a7a8969a504ccf460384e125701
- SSDEEP
  
  6144:xZ8az6rVGEDWWnpYXlls66ZrOm95oOg+mc8KdZBv:xC0ENyWpYXXuZqmpZmq
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer