cb8f67fd5d2dc9a5a5c06588b8aca4dde03edfd9f5f496c98119399168df4109 | Triage

Sharing

General

Target

cb8f67fd5d2dc9a5a5c06588b8aca4dde03edfd9f5f496c98119399168df4109
Size

57KB
Sample

240523-negf2sec26
MD5

4a6fe179999bf2fc84a435bfcdf6c44f
SHA1

bddb49c7b74e799d3a22347c39a0128d57974e0c
SHA256

cb8f67fd5d2dc9a5a5c06588b8aca4dde03edfd9f5f496c98119399168df4109
SHA512

a82cf4e34f9751e63c4f9e8f9aa6b74b7405780d91ef115510d2cc973dbf7b10d09eab54881b1cb01bfb7c4ab99841a0fbdce2d5293801546d2ac8b6407d9ea9
SSDEEP

1536:rGFaYzMXqtGNtty1yVumRTTQ3hpdBRZEWq:rGFaY46tGNtty1T35jq

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  cb8f67fd5d2dc9a5a5c06588b8aca4dde03edfd9f5f496c98119399168df4109
- Size
  
  57KB
- MD5
  
  4a6fe179999bf2fc84a435bfcdf6c44f
- SHA1
  
  bddb49c7b74e799d3a22347c39a0128d57974e0c
- SHA256
  
  cb8f67fd5d2dc9a5a5c06588b8aca4dde03edfd9f5f496c98119399168df4109
- SHA512
  
  a82cf4e34f9751e63c4f9e8f9aa6b74b7405780d91ef115510d2cc973dbf7b10d09eab54881b1cb01bfb7c4ab99841a0fbdce2d5293801546d2ac8b6407d9ea9
- SSDEEP
  
  1536:rGFaYzMXqtGNtty1yVumRTTQ3hpdBRZEWq:rGFaY46tGNtty1T35jq
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2