fdc425927411eea9bee258db58c8e38c890af3f0c084b160e53b417597004421 | Triage

Sharing

General

Target

fdc425927411eea9bee258db58c8e38c890af3f0c084b160e53b417597004421
Size

66KB
Sample

240523-mcl33sch9y
MD5

e464d6d2a65533f864d44052bec96666
SHA1

5080b97abbbeb04bf6759071bdabe5a5f440e9c7
SHA256

fdc425927411eea9bee258db58c8e38c890af3f0c084b160e53b417597004421
SHA512

6249da6f6b0a08303877f7b8204aa36d6ccb5ce99b68fde470819de933a899ae5b651eec54770c6534607738b635f3d388f0e882405636c73fa7db949130951a
SSDEEP

1536:Qh1oRJbj/e+Zk77RNCLp44x6xZoEV0JuRUFyMOaHQ1l:QCe+aX3t4rk0JXXOeQ

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  fdc425927411eea9bee258db58c8e38c890af3f0c084b160e53b417597004421
- Size
  
  66KB
- MD5
  
  e464d6d2a65533f864d44052bec96666
- SHA1
  
  5080b97abbbeb04bf6759071bdabe5a5f440e9c7
- SHA256
  
  fdc425927411eea9bee258db58c8e38c890af3f0c084b160e53b417597004421
- SHA512
  
  6249da6f6b0a08303877f7b8204aa36d6ccb5ce99b68fde470819de933a899ae5b651eec54770c6534607738b635f3d388f0e882405636c73fa7db949130951a
- SSDEEP
  
  1536:Qh1oRJbj/e+Zk77RNCLp44x6xZoEV0JuRUFyMOaHQ1l:QCe+aX3t4rk0JXXOeQ
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2