3464373dc628c72a680e4c69c3dd73c3aea0f66a8b509933f5818e516fc03985 | Triage

Sharing

General

Target

sample
Size

16KB
Sample

240524-wxpt5see2v
MD5

3a8fb09f8cfd8c9012520e9d45f961ba
SHA1

faba2dba5063476f5f8742932963249d81c5c0cb
SHA256

3464373dc628c72a680e4c69c3dd73c3aea0f66a8b509933f5818e516fc03985
SHA512

d144ba21d218fd3f77f66665577c40c048c4bc6f30efa1ad3b2e3ecc9d95eeb425dd2b02243b20410a3c3c6bf2625c342e6f6299ba48c49c648f7e2ea14d49d4
SSDEEP

192:x4ufWIyc+MDg9PxUfrULIAFCy8GAGYoQN6S5+MO2FHB/ibLDiTkok:x0Vig9pUfrUz8GAGM6O+x2V1i/DiTkn

Score

8^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  sample
- Size
  
  16KB
- MD5
  
  3a8fb09f8cfd8c9012520e9d45f961ba
- SHA1
  
  faba2dba5063476f5f8742932963249d81c5c0cb
- SHA256
  
  3464373dc628c72a680e4c69c3dd73c3aea0f66a8b509933f5818e516fc03985
- SHA512
  
  d144ba21d218fd3f77f66665577c40c048c4bc6f30efa1ad3b2e3ecc9d95eeb425dd2b02243b20410a3c3c6bf2625c342e6f6299ba48c49c648f7e2ea14d49d4
- SSDEEP
  
  192:x4ufWIyc+MDg9PxUfrULIAFCy8GAGYoQN6S5+MO2FHB/ibLDiTkok:x0Vig9pUfrUz8GAGM6O+x2V1i/DiTkn
Score

8^/10

evasion spyware stealer
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionspywarestealer