a475a028012948e78ee5e16c3fc3971ec5f8b47f281a0f2f49c1ce4b8126f491 | Triage

Sharing

General

Target

a475a028012948e78ee5e16c3fc3971ec5f8b47f281a0f2f49c1ce4b8126f491
Size

322KB
Sample

240523-nehn4seb7z
MD5

166bb278dde1983d4232bf94579c2bfc
SHA1

c4a32c97c6ad523a9d45f5e1bedbe384cd9680b2
SHA256

a475a028012948e78ee5e16c3fc3971ec5f8b47f281a0f2f49c1ce4b8126f491
SHA512

a33c3b0888bdae4cc0ead6e5e56aa0f7fd99cacc2c2a43100537cd953beb6f1356a56b43a77dac91bce7c7f65eca36ea7167942ad9701d8d2ff3274050a5869e
SSDEEP

1536:rGFaYzMXqtGNtty1yVumRTTi9aJfXgY1zUTyr5hVM:rGFaY46tGNtty17+XgTTSje

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  a475a028012948e78ee5e16c3fc3971ec5f8b47f281a0f2f49c1ce4b8126f491
- Size
  
  322KB
- MD5
  
  166bb278dde1983d4232bf94579c2bfc
- SHA1
  
  c4a32c97c6ad523a9d45f5e1bedbe384cd9680b2
- SHA256
  
  a475a028012948e78ee5e16c3fc3971ec5f8b47f281a0f2f49c1ce4b8126f491
- SHA512
  
  a33c3b0888bdae4cc0ead6e5e56aa0f7fd99cacc2c2a43100537cd953beb6f1356a56b43a77dac91bce7c7f65eca36ea7167942ad9701d8d2ff3274050a5869e
- SSDEEP
  
  1536:rGFaYzMXqtGNtty1yVumRTTi9aJfXgY1zUTyr5hVM:rGFaY46tGNtty17+XgTTSje
Score

8^/10

spyware stealer
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2