ec27b3c4d7b8b1ec4cca9848f166dc6b6562359bf88f82299c3e9cdfd8a27492 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec27b3c4d7b8b1ec4cca9848f166dc6b6562359bf88f82299c3e9cdfd8a27492
Size

366KB
Sample

240505-rn53jsfe79
MD5

f781be5e4711246b43d0964933008307
SHA1

5a89ba09aea5f7c258c9b311e92729663b60ffae
SHA256

ec27b3c4d7b8b1ec4cca9848f166dc6b6562359bf88f82299c3e9cdfd8a27492
SHA512

3b6ce2b7df9bf512317c781b76634ce870c9c21625aba9866a0013f3dd8e34414d3a33178d0466f007d9e4631e7b415fecea3b8ac1f8e05a6b723d4395dd4406
SSDEEP

6144:Z46tGdy9CH9L5d5ezLqIFQSDdABbSbIrx1L1l3ERF:Z3N9CH9Eq+0BbSox1QF

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  ec27b3c4d7b8b1ec4cca9848f166dc6b6562359bf88f82299c3e9cdfd8a27492
- Size
  
  366KB
- MD5
  
  f781be5e4711246b43d0964933008307
- SHA1
  
  5a89ba09aea5f7c258c9b311e92729663b60ffae
- SHA256
  
  ec27b3c4d7b8b1ec4cca9848f166dc6b6562359bf88f82299c3e9cdfd8a27492
- SHA512
  
  3b6ce2b7df9bf512317c781b76634ce870c9c21625aba9866a0013f3dd8e34414d3a33178d0466f007d9e4631e7b415fecea3b8ac1f8e05a6b723d4395dd4406
- SSDEEP
  
  6144:Z46tGdy9CH9L5d5ezLqIFQSDdABbSbIrx1L1l3ERF:Z3N9CH9Eq+0BbSox1QF
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2