2577f8d939fcc3f8ccb2fdfff83dbff41fc8f1473d5fc5dd9462ec6ad20a4d8b | Triage

Sharing

General

Target

2024-05-22_e2c0d4dbed2ec368a6da8b9e1c9663d6_bkransomware
Size

96KB
Sample

240522-3j5f1adc7y
MD5

e2c0d4dbed2ec368a6da8b9e1c9663d6
SHA1

3d3c4d4f6f7c3dd14fa721b428fb96671083c0ec
SHA256

2577f8d939fcc3f8ccb2fdfff83dbff41fc8f1473d5fc5dd9462ec6ad20a4d8b
SHA512

bbf5daa7aca1403fb4d153ef7b8b7cabf2cb749c06903f99a86c1c5fdd77348595fdd9b5af3187f903b61c097a2a0b78cb4af7d157a18576751f30211d63160c
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTTPimgbwIzQ9yciUdqK:ZhpAyazIlyazTTWM9ynK

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-22_e2c0d4dbed2ec368a6da8b9e1c9663d6_bkransomware
- Size
  
  96KB
- MD5
  
  e2c0d4dbed2ec368a6da8b9e1c9663d6
- SHA1
  
  3d3c4d4f6f7c3dd14fa721b428fb96671083c0ec
- SHA256
  
  2577f8d939fcc3f8ccb2fdfff83dbff41fc8f1473d5fc5dd9462ec6ad20a4d8b
- SHA512
  
  bbf5daa7aca1403fb4d153ef7b8b7cabf2cb749c06903f99a86c1c5fdd77348595fdd9b5af3187f903b61c097a2a0b78cb4af7d157a18576751f30211d63160c
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTTPimgbwIzQ9yciUdqK:ZhpAyazIlyazTTWM9ynK
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer