c74a6001e3450355a643b5350475436596b7e09577ef87a875b5c3e96f970985 | Triage

Sharing

General

Target

2024-05-24_5d21d3109cf90f7d18935f3d47c28d6c_bkransomware
Size

71KB
Sample

240524-nthyesfe3y
MD5

5d21d3109cf90f7d18935f3d47c28d6c
SHA1

8614d3f6fa286a014819b0d78c56761960ed53c4
SHA256

c74a6001e3450355a643b5350475436596b7e09577ef87a875b5c3e96f970985
SHA512

e6c2b4a1186b6dd7b74f7e422548a7fc619c537c58dffae2c9b12b392eea830e4f5897aacb629374c49d026c38ff3aa39f6334138573dda60b0294d5da98abf2
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTl:ZRpAyazIliazTl

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-24_5d21d3109cf90f7d18935f3d47c28d6c_bkransomware
- Size
  
  71KB
- MD5
  
  5d21d3109cf90f7d18935f3d47c28d6c
- SHA1
  
  8614d3f6fa286a014819b0d78c56761960ed53c4
- SHA256
  
  c74a6001e3450355a643b5350475436596b7e09577ef87a875b5c3e96f970985
- SHA512
  
  e6c2b4a1186b6dd7b74f7e422548a7fc619c537c58dffae2c9b12b392eea830e4f5897aacb629374c49d026c38ff3aa39f6334138573dda60b0294d5da98abf2
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTl:ZRpAyazIliazTl
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer