916ec85a2f05c5f9430819ef2f160c67c426ed95160e16d83875edb98838dd76 | Triage

Sharing

General

Target

2024-05-23_41b6b34b4995275ab98720992c875833_bkransomware
Size

257KB
Sample

240523-jp7zjahh79
MD5

41b6b34b4995275ab98720992c875833
SHA1

6f1bde63227b100db1c3ae705088300800f3e821
SHA256

916ec85a2f05c5f9430819ef2f160c67c426ed95160e16d83875edb98838dd76
SHA512

28769845e78c7208f0b1d69e508098ddbcf05b0ea2921475bad34f6f48f471a66cda943411eee6351fcf48b0cfcbbf3e7a03c157817a2dd322c4b5004906cf18
SSDEEP

6144:xZ8azItcsLt5QgDxbZ0Hdxe1Op1sir2XOmJS:xC0yvt5Lx6HdxHSpS

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-23_41b6b34b4995275ab98720992c875833_bkransomware
- Size
  
  257KB
- MD5
  
  41b6b34b4995275ab98720992c875833
- SHA1
  
  6f1bde63227b100db1c3ae705088300800f3e821
- SHA256
  
  916ec85a2f05c5f9430819ef2f160c67c426ed95160e16d83875edb98838dd76
- SHA512
  
  28769845e78c7208f0b1d69e508098ddbcf05b0ea2921475bad34f6f48f471a66cda943411eee6351fcf48b0cfcbbf3e7a03c157817a2dd322c4b5004906cf18
- SSDEEP
  
  6144:xZ8azItcsLt5QgDxbZ0Hdxe1Op1sir2XOmJS:xC0yvt5Lx6HdxHSpS
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer