7f610f8216bc3125be38d39ae5696cc8ef5fc0ce10e4e15256000aba4180a3b4 | Triage

Sharing

General

Target

02b0553d71c40a60e184e969707f0a00_NEAS
Size

3.6MB
Sample

240507-xd58fsce36
MD5

02b0553d71c40a60e184e969707f0a00
SHA1

6d528aa5dc28352803b86fe4e03bff9015f1197f
SHA256

7f610f8216bc3125be38d39ae5696cc8ef5fc0ce10e4e15256000aba4180a3b4
SHA512

2d5940603b19cd1d3a6f17d658f3d4228c8a6addab3806a386817932c93dc51ff2e650d0120542c2de4e454868366ee6c0c1df20be1f323b157af1dd499109c9
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBbB/bSqz8:sxX7QnxrloE5dpUpkbVz8

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  02b0553d71c40a60e184e969707f0a00_NEAS
- Size
  
  3.6MB
- MD5
  
  02b0553d71c40a60e184e969707f0a00
- SHA1
  
  6d528aa5dc28352803b86fe4e03bff9015f1197f
- SHA256
  
  7f610f8216bc3125be38d39ae5696cc8ef5fc0ce10e4e15256000aba4180a3b4
- SHA512
  
  2d5940603b19cd1d3a6f17d658f3d4228c8a6addab3806a386817932c93dc51ff2e650d0120542c2de4e454868366ee6c0c1df20be1f323b157af1dd499109c9
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBbB/bSqz8:sxX7QnxrloE5dpUpkbVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer