c12d1922c105cda03a6c3bfa703244dee95b59cf84078a634f4c321abcb21c53 | Triage

Sharing

General

Target

2024-05-21_1d58a33157321d1623c13c062eaa75c7_bkransomware
Size

71KB
Sample

240521-x4llqsfg76
MD5

1d58a33157321d1623c13c062eaa75c7
SHA1

817f3fece336c1f26014cd69ee62ef516fecd37a
SHA256

c12d1922c105cda03a6c3bfa703244dee95b59cf84078a634f4c321abcb21c53
SHA512

d444e8d4765be23d5306b82d8c25841a2b5cb35aa561d94136c3a858719dca3ddf02eb3789b08453958f046b3c51eb794389ed512d37685832930647ecfbe2bc
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTYw:ZhpAyazIlyazTYw

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-21_1d58a33157321d1623c13c062eaa75c7_bkransomware
- Size
  
  71KB
- MD5
  
  1d58a33157321d1623c13c062eaa75c7
- SHA1
  
  817f3fece336c1f26014cd69ee62ef516fecd37a
- SHA256
  
  c12d1922c105cda03a6c3bfa703244dee95b59cf84078a634f4c321abcb21c53
- SHA512
  
  d444e8d4765be23d5306b82d8c25841a2b5cb35aa561d94136c3a858719dca3ddf02eb3789b08453958f046b3c51eb794389ed512d37685832930647ecfbe2bc
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTYw:ZhpAyazIlyazTYw
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer