aa7ba767eddc92eb05c97623c5c0c0a4c5e016b8ae59743806e10dc116265710 | Triage

Sharing

General

Target

2024-05-10_bb67884c73f0b65bca139475e0dc1b08_bkransomware
Size

71KB
Sample

240510-tzsygaaa68
MD5

bb67884c73f0b65bca139475e0dc1b08
SHA1

4d6be9a72ff864a081679f6c120555887c136fea
SHA256

aa7ba767eddc92eb05c97623c5c0c0a4c5e016b8ae59743806e10dc116265710
SHA512

bea877b21a9bf34be743478284659184608f7c52b575e4fb9b7b6a2648b582caca016bf5ff5c17ac5903ccc353d5605aef017420099b0787726a640a23f3c66c
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTt:ZhpAyazIlyazTt

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-10_bb67884c73f0b65bca139475e0dc1b08_bkransomware
- Size
  
  71KB
- MD5
  
  bb67884c73f0b65bca139475e0dc1b08
- SHA1
  
  4d6be9a72ff864a081679f6c120555887c136fea
- SHA256
  
  aa7ba767eddc92eb05c97623c5c0c0a4c5e016b8ae59743806e10dc116265710
- SHA512
  
  bea877b21a9bf34be743478284659184608f7c52b575e4fb9b7b6a2648b582caca016bf5ff5c17ac5903ccc353d5605aef017420099b0787726a640a23f3c66c
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTt:ZhpAyazIlyazTt
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer