a7e3ef078c75b98781e9d36fe3a5b1b9aa955ab6b67b49e2c79c54950e287d5e | Triage

Sharing

General

Target

2024-05-27_f67871cc201c15922d45254a996a6883_bkransomware
Size

71KB
Sample

240527-gfyy6aaa7y
MD5

f67871cc201c15922d45254a996a6883
SHA1

bf374a7280e2f8a2ad4403d657f03d3e19f10bba
SHA256

a7e3ef078c75b98781e9d36fe3a5b1b9aa955ab6b67b49e2c79c54950e287d5e
SHA512

8765719d106e8b01dc397fc0de7a090e1b06b72c447b3153e7f15d846de8b20278b48eb2c099e983ba400b64223d40a1d3c226891b9f3e053a9f191f454ed798
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTQ:ZRpAyazIliazTQ

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-27_f67871cc201c15922d45254a996a6883_bkransomware
- Size
  
  71KB
- MD5
  
  f67871cc201c15922d45254a996a6883
- SHA1
  
  bf374a7280e2f8a2ad4403d657f03d3e19f10bba
- SHA256
  
  a7e3ef078c75b98781e9d36fe3a5b1b9aa955ab6b67b49e2c79c54950e287d5e
- SHA512
  
  8765719d106e8b01dc397fc0de7a090e1b06b72c447b3153e7f15d846de8b20278b48eb2c099e983ba400b64223d40a1d3c226891b9f3e053a9f191f454ed798
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTQ:ZRpAyazIliazTQ
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer