65f1330af4739c156b196d674fcf3dd31cd570ea922914fbdc87ee1f6deb58ed | Triage

Sharing

General

Target

2e8357acbfdf0f648b43847ef84f9350_NEIKI
Size

3.1MB
Sample

240507-zm9y4saa38
MD5

2e8357acbfdf0f648b43847ef84f9350
SHA1

12f636359dc489e37712f6001b0201a60bde8ea4
SHA256

65f1330af4739c156b196d674fcf3dd31cd570ea922914fbdc87ee1f6deb58ed
SHA512

0ab838d6f4e242a8cabefcda3d6958235b6f6fb4eec673b668ebc001310efc12f26b3d9fb9c9ebe0942fd098d454fd5781397442e28d4ecfdb7db4c7cf7af876
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBdB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUpqbVz8eLFc

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2e8357acbfdf0f648b43847ef84f9350_NEIKI
- Size
  
  3.1MB
- MD5
  
  2e8357acbfdf0f648b43847ef84f9350
- SHA1
  
  12f636359dc489e37712f6001b0201a60bde8ea4
- SHA256
  
  65f1330af4739c156b196d674fcf3dd31cd570ea922914fbdc87ee1f6deb58ed
- SHA512
  
  0ab838d6f4e242a8cabefcda3d6958235b6f6fb4eec673b668ebc001310efc12f26b3d9fb9c9ebe0942fd098d454fd5781397442e28d4ecfdb7db4c7cf7af876
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBdB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUpqbVz8eLFc
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer