e865b38aa950be383f7f7597894010f6acfedd3bd575e0f18d605a4f3bee94de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-12_bf9655b4b41e067b37955f5b410029a1_bkransomware
Size

71KB
Sample

240512-r4b5eaah9t
MD5

bf9655b4b41e067b37955f5b410029a1
SHA1

8f288b1ae592bf2ae2bee76eec11a66a818ba456
SHA256

e865b38aa950be383f7f7597894010f6acfedd3bd575e0f18d605a4f3bee94de
SHA512

364cc569d28daa00c6510867dc8f8f28d4568322bf967d557543b1c9ede16e6002441daab5d7c2b732d699eda6eccc7a7c32ed80321b93490200a8656fcb48f0
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTL:ZRpAyazIliazTL

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-12_bf9655b4b41e067b37955f5b410029a1_bkransomware
- Size
  
  71KB
- MD5
  
  bf9655b4b41e067b37955f5b410029a1
- SHA1
  
  8f288b1ae592bf2ae2bee76eec11a66a818ba456
- SHA256
  
  e865b38aa950be383f7f7597894010f6acfedd3bd575e0f18d605a4f3bee94de
- SHA512
  
  364cc569d28daa00c6510867dc8f8f28d4568322bf967d557543b1c9ede16e6002441daab5d7c2b732d699eda6eccc7a7c32ed80321b93490200a8656fcb48f0
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTL:ZRpAyazIliazTL
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer