771962d4d1c5ccf7973a6e146a2049fca7ab408933479d5db2d07a78a8dc2efc | Triage

Sharing

General

Target

d9523e9047f6c51939b41ea2fb6c04b0_NEAS
Size

3.6MB
Sample

240507-tycj4aha46
MD5

d9523e9047f6c51939b41ea2fb6c04b0
SHA1

198494098d52145e4591ee8dfbd340b5d98fff50
SHA256

771962d4d1c5ccf7973a6e146a2049fca7ab408933479d5db2d07a78a8dc2efc
SHA512

9672a79d8017a6774d0e13a88af187cfde4829bdf90cfee495817a6d6696aa241a63eb0f7e46ee2becd78c062933a585570537146e830cd7250c609171c3f274
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB1B/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUp+bVz8eLFcz

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  d9523e9047f6c51939b41ea2fb6c04b0_NEAS
- Size
  
  3.6MB
- MD5
  
  d9523e9047f6c51939b41ea2fb6c04b0
- SHA1
  
  198494098d52145e4591ee8dfbd340b5d98fff50
- SHA256
  
  771962d4d1c5ccf7973a6e146a2049fca7ab408933479d5db2d07a78a8dc2efc
- SHA512
  
  9672a79d8017a6774d0e13a88af187cfde4829bdf90cfee495817a6d6696aa241a63eb0f7e46ee2becd78c062933a585570537146e830cd7250c609171c3f274
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB1B/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUp+bVz8eLFcz
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer