89c590150580ea5381b7538d032a9ea24f0272cc15fa2153e9e298df9d9a080f | Triage

Sharing

General

Target

89c590150580ea5381b7538d032a9ea24f0272cc15fa2153e9e298df9d9a080f
Size

153KB
Sample

240522-c5t92shh5s
MD5

30161800c1dd1970849576cbd8cf4d5a
SHA1

1d2aed14103f9583e257d92c0478f31377cea620
SHA256

89c590150580ea5381b7538d032a9ea24f0272cc15fa2153e9e298df9d9a080f
SHA512

ae1e00f2b94f988104e85363ae5f6808125ba77a7af28b4d51f9cf001489cdc652ad6d87c99d4a20d3e72c987954f77108f7d41141d4289cf0200ac44007125b
SSDEEP

3072:kjr87SHQ18FXMijWThdtkYlO/5H+I3Lj5oe:5v18F8btUYlGB+I7j5oe

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  89c590150580ea5381b7538d032a9ea24f0272cc15fa2153e9e298df9d9a080f
- Size
  
  153KB
- MD5
  
  30161800c1dd1970849576cbd8cf4d5a
- SHA1
  
  1d2aed14103f9583e257d92c0478f31377cea620
- SHA256
  
  89c590150580ea5381b7538d032a9ea24f0272cc15fa2153e9e298df9d9a080f
- SHA512
  
  ae1e00f2b94f988104e85363ae5f6808125ba77a7af28b4d51f9cf001489cdc652ad6d87c99d4a20d3e72c987954f77108f7d41141d4289cf0200ac44007125b
- SSDEEP
  
  3072:kjr87SHQ18FXMijWThdtkYlO/5H+I3Lj5oe:5v18F8btUYlGB+I7j5oe
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer