da13b40d94c38312ff2daa91c49af40066a00b606160ee2fe0f9567a6e22a6ef | Triage

Sharing

General

Target

da13b40d94c38312ff2daa91c49af40066a00b606160ee2fe0f9567a6e22a6ef
Size

5.7MB
Sample

240510-dtvxwafh2s
MD5

66f3f09e75650982b397980063850ff8
SHA1

31636c08b952d0cc939098c4a6a822144497adff
SHA256

da13b40d94c38312ff2daa91c49af40066a00b606160ee2fe0f9567a6e22a6ef
SHA512

eab67c6eb573dcc0748e81702d9e7217661073a46f51835c54856128516810421e8c57e4473a8bd822b8682e2aaabb5a3702a216b588eaebd3c11154eeb0dec6
SSDEEP

49152:jBr9Pv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dr:jzKUgTH2M2m9UMpu1QfLczqssnKSk

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  da13b40d94c38312ff2daa91c49af40066a00b606160ee2fe0f9567a6e22a6ef
- Size
  
  5.7MB
- MD5
  
  66f3f09e75650982b397980063850ff8
- SHA1
  
  31636c08b952d0cc939098c4a6a822144497adff
- SHA256
  
  da13b40d94c38312ff2daa91c49af40066a00b606160ee2fe0f9567a6e22a6ef
- SHA512
  
  eab67c6eb573dcc0748e81702d9e7217661073a46f51835c54856128516810421e8c57e4473a8bd822b8682e2aaabb5a3702a216b588eaebd3c11154eeb0dec6
- SSDEEP
  
  49152:jBr9Pv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dr:jzKUgTH2M2m9UMpu1QfLczqssnKSk
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2