701eb98eca2a5282657503f29b3285a09ca3f40fcbb878c4f2f7c5106c135cf7 | Triage

Sharing

General

Target

2024-05-24_17d78877a0b061aee8e242903af7825e_bkransomware
Size

656KB
Sample

240524-1z5qlada54
MD5

17d78877a0b061aee8e242903af7825e
SHA1

b40f5c296134a9cf00c3baab5a8afcbd84799e85
SHA256

701eb98eca2a5282657503f29b3285a09ca3f40fcbb878c4f2f7c5106c135cf7
SHA512

6dfd2cc62e2f54867f9e5078f0ab97e7d5d7da33b88f0e12674c76a0982cf846ccb9ab73993829668eadc8701694bd389421e3c29cdffeb2ff458b06c24109da
SSDEEP

12288:xC03+RlXPt7sMaQv/cuiW5+c2uOr0Akf00MT75TfgIvz1nHg:D3+RdIQv/jV+CA7XzgYz1Hg

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-24_17d78877a0b061aee8e242903af7825e_bkransomware
- Size
  
  656KB
- MD5
  
  17d78877a0b061aee8e242903af7825e
- SHA1
  
  b40f5c296134a9cf00c3baab5a8afcbd84799e85
- SHA256
  
  701eb98eca2a5282657503f29b3285a09ca3f40fcbb878c4f2f7c5106c135cf7
- SHA512
  
  6dfd2cc62e2f54867f9e5078f0ab97e7d5d7da33b88f0e12674c76a0982cf846ccb9ab73993829668eadc8701694bd389421e3c29cdffeb2ff458b06c24109da
- SSDEEP
  
  12288:xC03+RlXPt7sMaQv/cuiW5+c2uOr0Akf00MT75TfgIvz1nHg:D3+RdIQv/jV+CA7XzgYz1Hg
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer