5feab5ede15b808db51a1e592b569049d1bf94f9abc3bfce59e4113df7e47704 | Triage

Sharing

General

Target

2024-05-22_e5fce993243da65fe56a6f97b0f66922_bkransomware_karagany
Size

677KB
Sample

240522-bg3e3sfe45
MD5

e5fce993243da65fe56a6f97b0f66922
SHA1

269302bd729999a3c5b5e662731df7411ce1457c
SHA256

5feab5ede15b808db51a1e592b569049d1bf94f9abc3bfce59e4113df7e47704
SHA512

e1d72d0373bc91b4e5317b37d0a484f862576db5e0a8caa8743c76de11d60387e5a66095f1742cfcdb6ff268d79ad2feffd0847e3d9195804cfe92d7c173df0e
SSDEEP

12288:hvXk1oUMAdB8qr0zw9iXQ40AOzDr5YJjsF/5v3ZkHRik8R:5k1oatr0zAiX90z/F0jsFB3SQkW

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-05-22_e5fce993243da65fe56a6f97b0f66922_bkransomware_karagany
- Size
  
  677KB
- MD5
  
  e5fce993243da65fe56a6f97b0f66922
- SHA1
  
  269302bd729999a3c5b5e662731df7411ce1457c
- SHA256
  
  5feab5ede15b808db51a1e592b569049d1bf94f9abc3bfce59e4113df7e47704
- SHA512
  
  e1d72d0373bc91b4e5317b37d0a484f862576db5e0a8caa8743c76de11d60387e5a66095f1742cfcdb6ff268d79ad2feffd0847e3d9195804cfe92d7c173df0e
- SSDEEP
  
  12288:hvXk1oUMAdB8qr0zw9iXQ40AOzDr5YJjsF/5v3ZkHRik8R:5k1oatr0zAiX90z/F0jsFB3SQkW
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2