0080bddd642c1dcdb7f013847cdbe7982657e4ba9957e4a38ebb79d5ffacd999 | Triage

Sharing

General

Target

0080bddd642c1dcdb7f013847cdbe7982657e4ba9957e4a38ebb79d5ffacd999
Size

71.2MB
Sample

240514-acp4hsba71
MD5

a4233b24f118113cd88e8782348a184b
SHA1

dbfae8333970bd91985ad8b1e5b943bc01af17a5
SHA256

0080bddd642c1dcdb7f013847cdbe7982657e4ba9957e4a38ebb79d5ffacd999
SHA512

a29bcabf3ce9c9af21b9867f744d9bfe135e98639816265b226ed5151d74944179d582f7956504fdfc9626ad7dff9f3b584bb8328673afa3076a68d7577a6f02
SSDEEP

1572864:4SLLBYkapwYQIghKXH+c8MR9l0Dno8tAVAXrO7+kGre2swu:4IuNwRI/jFgDnDOSXejF

Score

7^/10

discovery execution spyware stealer

Malware Config

Targets

- Target
  
  0080bddd642c1dcdb7f013847cdbe7982657e4ba9957e4a38ebb79d5ffacd999
- Size
  
  71.2MB
- MD5
  
  a4233b24f118113cd88e8782348a184b
- SHA1
  
  dbfae8333970bd91985ad8b1e5b943bc01af17a5
- SHA256
  
  0080bddd642c1dcdb7f013847cdbe7982657e4ba9957e4a38ebb79d5ffacd999
- SHA512
  
  a29bcabf3ce9c9af21b9867f744d9bfe135e98639816265b226ed5151d74944179d582f7956504fdfc9626ad7dff9f3b584bb8328673afa3076a68d7577a6f02
- SSDEEP
  
  1572864:4SLLBYkapwYQIghKXH+c8MR9l0Dno8tAVAXrO7+kGre2swu:4IuNwRI/jFgDnDOSXejF
Score

7^/10

discovery execution spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  encryp.exe
- Size
  
  152.7MB
- MD5
  
  25f888fc79242c7eace67573b878f0f9
- SHA1
  
  d528dfd86871e14eab58b45406d38e1570470d46
- SHA256
  
  67efa8c6754b1d546c71a7ddb19d00814662c45425ead7dbf148870cbd982340
- SHA512
  
  ccb6cc285b13b885010e0d4c3eff8f50d9b3bce08d07d0a326051f84d8e131989631712219988bb5f4caf2072e3abdeca527a27742195bcd48b137f94e0e1278
- SSDEEP
  
  1572864:KLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:KypCmJctBjj2+Jv
Score

7^/10

execution spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionspywarestealer

behavioral2

discoveryexecutionspywarestealer

behavioral3

executionspywarestealer

behavioral4

executionspywarestealer

behavioral5

behavioral6