252d8c1d88c2a702e0b082506f30e603b7fb54bb1081f121aa81e32b49dbd2df | Triage

Sharing

General

Target

2024-05-23_a5c6f0537e7a3371b7cf4799e09d710c_bkransomware
Size

71KB
Sample

240523-ecnb5sda46
MD5

a5c6f0537e7a3371b7cf4799e09d710c
SHA1

72f0c2dc4c404774e3fe83c87bbad4fc96283397
SHA256

252d8c1d88c2a702e0b082506f30e603b7fb54bb1081f121aa81e32b49dbd2df
SHA512

70f38764f863c98788e594c81376786011538ea809d2d899876fe12fc07ceb81909f16eca1f31fdddf7db0fba2187184d61c610966c4615b6841dd14320e34f0
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTL:ZRpAyazIliazTL

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-23_a5c6f0537e7a3371b7cf4799e09d710c_bkransomware
- Size
  
  71KB
- MD5
  
  a5c6f0537e7a3371b7cf4799e09d710c
- SHA1
  
  72f0c2dc4c404774e3fe83c87bbad4fc96283397
- SHA256
  
  252d8c1d88c2a702e0b082506f30e603b7fb54bb1081f121aa81e32b49dbd2df
- SHA512
  
  70f38764f863c98788e594c81376786011538ea809d2d899876fe12fc07ceb81909f16eca1f31fdddf7db0fba2187184d61c610966c4615b6841dd14320e34f0
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTL:ZRpAyazIliazTL
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer