99e7e6854ff59d7ccba1ab7e149bb81e56da9e43995c81621c36c96e56aaab52 | Triage

Sharing

General

Target

2024-05-24_d021aca1bf0c6dd014e930f5f9d22a28_bkransomware
Size

71KB
Sample

240524-ry4x8shf79
MD5

d021aca1bf0c6dd014e930f5f9d22a28
SHA1

5d8732efa96b33b2c821f59af21e367eb2813087
SHA256

99e7e6854ff59d7ccba1ab7e149bb81e56da9e43995c81621c36c96e56aaab52
SHA512

3176fcd0a73a5ce5f9cd87fdfe7887f2ebab1d22e9b1bff8d498f33a0842f3c6c6b160b45a276568cb00978a03c6efc53ab084eed3823a73032c89ff006a007d
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT9:ZRpAyazIliazT9

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-24_d021aca1bf0c6dd014e930f5f9d22a28_bkransomware
- Size
  
  71KB
- MD5
  
  d021aca1bf0c6dd014e930f5f9d22a28
- SHA1
  
  5d8732efa96b33b2c821f59af21e367eb2813087
- SHA256
  
  99e7e6854ff59d7ccba1ab7e149bb81e56da9e43995c81621c36c96e56aaab52
- SHA512
  
  3176fcd0a73a5ce5f9cd87fdfe7887f2ebab1d22e9b1bff8d498f33a0842f3c6c6b160b45a276568cb00978a03c6efc53ab084eed3823a73032c89ff006a007d
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT9:ZRpAyazIliazT9
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer