0f217eccc0b06dc7d492141587505a1f94b7c15a15ded32f6dcb967ca4ebe237 | Triage

Sharing

General

Target

2024-05-21_5e55e59b8ffbd268f45f5f2fa62e9385_bkransomware
Size

96KB
Sample

240521-w7km6sec57
MD5

5e55e59b8ffbd268f45f5f2fa62e9385
SHA1

c6839c98a8346b9576f2e93f2a30f75bbdc70494
SHA256

0f217eccc0b06dc7d492141587505a1f94b7c15a15ded32f6dcb967ca4ebe237
SHA512

c6658c53c13ac0cb5b0428ee852e874d1ab06e3de8bc7c18dd943f143772b0f17c3312a532b67b1b4132c8972cb2380327b88f43f62a86f917204955c2de9654
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT6Iyn6ESMYzWeKksbQxf:ZRpAyazIliazTBEgzWeKJbCf

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-21_5e55e59b8ffbd268f45f5f2fa62e9385_bkransomware
- Size
  
  96KB
- MD5
  
  5e55e59b8ffbd268f45f5f2fa62e9385
- SHA1
  
  c6839c98a8346b9576f2e93f2a30f75bbdc70494
- SHA256
  
  0f217eccc0b06dc7d492141587505a1f94b7c15a15ded32f6dcb967ca4ebe237
- SHA512
  
  c6658c53c13ac0cb5b0428ee852e874d1ab06e3de8bc7c18dd943f143772b0f17c3312a532b67b1b4132c8972cb2380327b88f43f62a86f917204955c2de9654
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT6Iyn6ESMYzWeKksbQxf:ZRpAyazIliazTBEgzWeKJbCf
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer