2b349842584fac2df9e833e6a90f5f098432027529ccf4884969df9ab1734bc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-10_cc21521bfca2a6379f829be4a5a10868_bkransomware
Size

71KB
Sample

240510-p48r9sah37
MD5

cc21521bfca2a6379f829be4a5a10868
SHA1

45ab731815dd37c3215c22fc43f365c86b9abdef
SHA256

2b349842584fac2df9e833e6a90f5f098432027529ccf4884969df9ab1734bc9
SHA512

5b1b7a3aee3caaa9079efdc868223ad9b05bb9716910f125738a5c0d1ab89e4f358ec94c0e574a08011f73464078a15660493fbb0f2306e691ff60162e295d8f
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT9:ZhpAyazIlyazT9

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-10_cc21521bfca2a6379f829be4a5a10868_bkransomware
- Size
  
  71KB
- MD5
  
  cc21521bfca2a6379f829be4a5a10868
- SHA1
  
  45ab731815dd37c3215c22fc43f365c86b9abdef
- SHA256
  
  2b349842584fac2df9e833e6a90f5f098432027529ccf4884969df9ab1734bc9
- SHA512
  
  5b1b7a3aee3caaa9079efdc868223ad9b05bb9716910f125738a5c0d1ab89e4f358ec94c0e574a08011f73464078a15660493fbb0f2306e691ff60162e295d8f
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT9:ZhpAyazIlyazT9
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer