6e198e3755af0e06470d17e6fdc7673c48d03390b1409734b278afd37e6e3a28 | Triage

Sharing

General

Target

6e198e3755af0e06470d17e6fdc7673c48d03390b1409734b278afd37e6e3a28
Size

717KB
Sample

240522-y49h8sfc63
MD5

845936b1ce35a6c44e943e4997caaf10
SHA1

ba0226f01fd028a1316ccb6e2f6c747d5b0554ec
SHA256

6e198e3755af0e06470d17e6fdc7673c48d03390b1409734b278afd37e6e3a28
SHA512

e6ef9e8e7bd00cf91da6e0fc23a1c0f1343a401dc0751d4195e3612337394f3732ecaffc94c1042e9a1f086d6dd0ae70a9cc0345a367dd218dd415f1b4a26ef4
SSDEEP

12288:L3NPfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:L3NnLOS2opPIXV

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  6e198e3755af0e06470d17e6fdc7673c48d03390b1409734b278afd37e6e3a28
- Size
  
  717KB
- MD5
  
  845936b1ce35a6c44e943e4997caaf10
- SHA1
  
  ba0226f01fd028a1316ccb6e2f6c747d5b0554ec
- SHA256
  
  6e198e3755af0e06470d17e6fdc7673c48d03390b1409734b278afd37e6e3a28
- SHA512
  
  e6ef9e8e7bd00cf91da6e0fc23a1c0f1343a401dc0751d4195e3612337394f3732ecaffc94c1042e9a1f086d6dd0ae70a9cc0345a367dd218dd415f1b4a26ef4
- SSDEEP
  
  12288:L3NPfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:L3NnLOS2opPIXV
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2